Tollef Fog Heen | 2 Aug 2009 08:55

Re: How to save a copy of user's input password?

]] Ian Michael Gumby 

| Sorry to jump in, but yes, it's possible. But you'd have to write your
| own module and I don't think you'll get much help here because well,
| there's no 'white hat' reason to capture the password.

Sure there is, http://freshmeat.net/projects/pam_krb5_migrate/ is an
example of a whitehat reason to capture people's passwords.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
Rafael.Sarmiento-Martinez | 2 Aug 2009 18:11

Rafael Sarmiento is out of the office.

I will be out of the office starting  02/08/2009 and will not return until
10/08/2009.

I will respond to your message when I return.
Lars-Erik Helander | 3 Aug 2009 14:25

Minimal configuration

I am trying to apply PAM to a Linux system. The system could be considered as minimal and there is no login at all (autologin of user XXX via rungetty).
The reason for use of PAM is to provide control of resource limits (rtprio, memlock, nice) to applications.

I would be very happy if someone would be able to guide me towards a working PAM configuration for the above mentioned system. I know the details of how to set up /etc/security/limits.conf and seek for help regarding how to set up the various pam config files required.

Kind Regards

Lars

_______________________________________________
Pam-list mailing list
Pam-list <at> redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
Jason Gerfen | 3 Aug 2009 18:35

Quick question about stack...

I have a quick question regarding the pam stack.

The reason I am asking is I am receiving errors and am unable to figure
out which module is logging the 'UNKNOWN' user message. I used to think
it was the pam_unix module but it seems I am wrong.

Here is a quick snippet of the log (/var/log/auth.log):
Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): check pass; user unknown
Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: searching 'ou=campus,dc=search,dc=domain,dc=com' for 'testuser'...
Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: found 'testuser' in 'ad', proceeding to resolve to uid/gid pair...
Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: authentication succeeds for 'testuser' (testuser <at> UTAH.EDU)
Aug  3 12:08:54 Gentoo-x86 login[20736]: FAILED LOGIN (1) on 'tty1' FOR `UNKNOWN', User not known to the underlying authentication module

Not sure what module is sending that last line to the logs. Any help is
appreciated.

-- 
Jas

"Tomorrow isn't promised so we live for today"
Thorsten Kukuk | 3 Aug 2009 18:56

Re: Quick question about stack...

On Mon, Aug 03, Jason Gerfen wrote:

> I have a quick question regarding the pam stack.
> 
> The reason I am asking is I am receiving errors and am unable to figure
> out which module is logging the 'UNKNOWN' user message. I used to think
> it was the pam_unix module but it seems I am wrong.
> 
> Here is a quick snippet of the log (/var/log/auth.log)
> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): check
> pass; user unknown
> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth):
> authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: searching
> 'ou=campus,dc=search,dc=domain,dc=com' for 'testuser'...
> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: found
> 'testuser' in 'ad', proceeding to resolve to uid/gid pair...
> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: authentication
> succeeds for 'testuser' (testuser <at> UTAH.EDU)
> Aug  3 12:08:54 Gentoo-x86 login[20736]: FAILED LOGIN (1) on 'tty1' FOR
> `UNKNOWN', User not known to the underlying authentication module
> 
> Not sure what module is sending that last line to the logs. Any help is
> appreciated.

The login application itself, as result of the pam_unix failure.

  Thorsten

-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
Jason Gerfen | 3 Aug 2009 19:18

Re: Quick question about stack...

Thorsten Kukuk wrote:
> On Mon, Aug 03, Jason Gerfen wrote:
> 
>> I have a quick question regarding the pam stack.
>>
>> The reason I am asking is I am receiving errors and am unable to figure
>> out which module is logging the 'UNKNOWN' user message. I used to think
>> it was the pam_unix module but it seems I am wrong.
>>
>> Here is a quick snippet of the log (/var/log/auth.log)
>> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): check
>> pass; user unknown
>> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth):
>> authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
>> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: searching
>> 'ou=campus,dc=search,dc=domain,dc=com' for 'testuser'...
>> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: found
>> 'testuser' in 'ad', proceeding to resolve to uid/gid pair...
>> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: authentication
>> succeeds for 'testuser' (testuser <at> UTAH.EDU)
>> Aug  3 12:08:54 Gentoo-x86 login[20736]: FAILED LOGIN (1) on 'tty1' FOR
>> `UNKNOWN', User not known to the underlying authentication module
>>
>> Not sure what module is sending that last line to the logs. Any help is
>> appreciated.
> 
> The login application itself, as result of the pam_unix failure.
> 
>   Thorsten
> 
So at least one module is not returning the PAM_SUCCESS flag?

-- 
Jas

"Tomorrow isn't promised so we live for today"
Thorsten Kukuk | 3 Aug 2009 19:13

Re: Quick question about stack...

On Mon, Aug 03, Jason Gerfen wrote:

> Thorsten Kukuk wrote:
> > On Mon, Aug 03, Jason Gerfen wrote:
> > 
> >> I have a quick question regarding the pam stack.
> >>
> >> The reason I am asking is I am receiving errors and am unable to figure
> >> out which module is logging the 'UNKNOWN' user message. I used to think
> >> it was the pam_unix module but it seems I am wrong.
> >>
> >> Here is a quick snippet of the log (/var/log/auth.log)
> >> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): check
> >> pass; user unknown
> >> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth):
> >> authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
     ^^^^^^^^^^^^^^^^^^^^^^^

> >> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: searching
> >> 'ou=campus,dc=search,dc=domain,dc=com' for 'testuser'...
> >> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: found
> >> 'testuser' in 'ad', proceeding to resolve to uid/gid pair...
> >> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: authentication
> >> succeeds for 'testuser' (testuser <at> UTAH.EDU)
> >> Aug  3 12:08:54 Gentoo-x86 login[20736]: FAILED LOGIN (1) on 'tty1' FOR
> >> `UNKNOWN', User not known to the underlying authentication module
> >>
> >> Not sure what module is sending that last line to the logs. Any help is
> >> appreciated.
> > 
> > The login application itself, as result of the pam_unix failure.
> > 
> >   Thorsten
> > 
> So at least one module is not returning the PAM_SUCCESS flag?

If a module reports an authentication error, it will of course
not return the PAM_SUCCESS flag.

  Thorsten

-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
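
The attribution given in the replies above can be checked mechanically. This is an added example, not part of the original thread: it separates lines written by PAM modules from the line written by the calling application and maps the application's trailing text back to a PAM return code. It assumes the `module(service:type):` prefix written by Linux-PAM's pam_syslog() and the Linux-PAM pam_strerror() message texts; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: four of the thread's log lines, e-mail wrapping undone, "<at>" as archived.
SAMPLE = """\
Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): check pass; user unknown
Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: authentication succeeds for 'testuser' (testuser <at> UTAH.EDU)
Aug  3 12:08:54 Gentoo-x86 login[20736]: FAILED LOGIN (1) on 'tty1' FOR `UNKNOWN', User not known to the underlying authentication module
"""

SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([\w.-]+)\[(\d+)\]: (.*)$")
# Prefix written by Linux-PAM's pam_syslog(): module(service:type):
PAM_SYSLOG = re.compile(r"^(pam_\w+)\(\S+?:\w+\): (.*)$")
# Prefix a module writes itself, as pam_krb5 does in this log: module[pid]:
MODULE_OWN = re.compile(r"^(pam_\w+)\[\d+\]: (.*)$")
# pam_strerror() texts an application may append, mapped back to return codes.
STRERROR = {
    "User not known to the underlying authentication module": "PAM_USER_UNKNOWN",
    "Authentication failure": "PAM_AUTH_ERR",
}
FAILURE = re.compile(r"authentication failure|user unknown")

def classify(line):
    """Return who emitted a syslog line: a PAM module or the calling application."""
    m = SYSLOG.match(line)
    if not m:
        return None
    prog, pid, msg = m.groups()
    for rx in (PAM_SYSLOG, MODULE_OWN):
        mm = rx.match(msg)
        if mm:
            return {"pid": int(pid), "kind": "module", "emitter": mm.group(1), "msg": mm.group(2)}
    return {"pid": int(pid), "kind": "application", "emitter": prog, "msg": msg}

def explain(log_text):
    """Per PID: modules that logged a failure, and the PAM code behind the app's line."""
    out = defaultdict(lambda: {"failed_modules": [], "app_emitter": None, "app_code": None})
    for rec in filter(None, map(classify, log_text.splitlines())):
        s = out[rec["pid"]]
        if rec["kind"] == "module":
            if FAILURE.search(rec["msg"]) and rec["emitter"] not in s["failed_modules"]:
                s["failed_modules"].append(rec["emitter"])
            continue
        for text, code in STRERROR.items():
            if rec["msg"].endswith(text):
                s["app_emitter"], s["app_code"] = rec["emitter"], code
    return dict(out)
```

Calling `explain(SAMPLE)` reports pam_unix as the only module that logged a failure for PID 20736, and shows that the final line comes from `login` with the text for PAM_USER_UNKNOWN.
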
Ali Corbin | 3 Aug 2009 19:48

Re: Quick question about stack...

On Mon, Aug 3, 2009 at 9:35 AM, Jason Gerfen<jason.gerfen <at> scl.utah.edu> wrote:
> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): check
> pass; user unknown
> Aug  3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth):
> authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
Jason Gerfen | 3 Aug 2009 22:01

pam_unix, pam_putenv() and pam_getenv()

After a bit of researching I would like to clarify that utilizing the
pam_putenv() function would allow me to pass a UID/GID pair to the
pam_unix authentication module as long as the pam_unix module utilizes
the pam_getenv() function to recognize a valid UID/GID pair vs utilizing
the getpwnam() function.

Please forgive me if this is off topic for this list.

-- 
Jas

"Tomorrow isn't promised so we live for today"
