akshar kanak | 3 Mar 2011 06:30

info regarding failure of modules

Dear Team
        When any PAM API (like pam_authenticate, pam_acct_mgmt, etc.)
fails, is it possible to get the information about which module has
actually failed, or a matrix of operations done on the module stack (like
how each module operated, its status and its reasons for failure)?

Thanks and regards
Akshar
Thorsten Kukuk | 3 Mar 2011 07:23

Re: info regarding failure of modules

On Thu, Mar 03, akshar kanak wrote:

> Dear Team
>         When any PAM API (like pam_authenticate, pam_acct_mgmt, etc.)
> fails, is it possible to get the information about which module has
> actually failed, or a matrix of operations done on the module stack (like
> how each module operated, its status and its reasons for failure)?

Not from the PAM API. Most modules have a debug option, which
will print more information to syslog.

  Thorsten

-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
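
As an added illustration (not code from this thread or from Linux-PAM): because the API returns only a status code, the per-module picture has to be rebuilt from syslog. The script below assumes the `module(service:type):` prefix that Linux-PAM's pam_syslog() writes; the log lines, the keyword heuristic and the function names are constructed for the example.

```python
import re
from collections import defaultdict

# Prefix written by Linux-PAM's pam_syslog(): "<module>(<service>:<type>): <msg>"
PAM_LINE = re.compile(
    r"(?P<proc>[\w./-]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<module>pam_\w+)\((?P<service>[^:()]+):(?P<type>\w+)\): "
    r"(?P<msg>.*)$"
)
# Heuristic only (an assumption): words that often mark a failed step.
FAILURE_HINT = re.compile(r"fail|denied|not met|unknown|error", re.I)

# Constructed sample lines, not taken from the thread.
SAMPLE = """\
Mar  3 07:30:01 host1 sshd[2211]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" met by user "alice"
Mar  3 07:30:01 host1 sshd[2211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=alice
Mar  3 07:30:02 host1 cron[2300]: pam_unix(cron:session): session opened for user root
Mar  3 07:30:03 host1 sshd[2211]: Failed password for alice from 192.0.2.10 port 50000 ssh2
Mar  3 07:30:09 host1 login[2400]: pam_access(login:account): access denied for user `bob' from `tty1'
"""

def module_trace(lines):
    """Group PAM module messages by (service, pid), preserving log order."""
    trace = defaultdict(list)
    for line in lines:
        m = PAM_LINE.search(line)
        if not m:
            continue  # line was not written through pam_syslog()
        key = (m["service"], int(m["pid"]) if m["pid"] else None)
        suspect = bool(FAILURE_HINT.search(m["msg"]))
        trace[key].append((m["module"], m["type"], suspect, m["msg"]))
    return dict(trace)

def suspect_modules(trace):
    """Return {(service, pid): [module, ...]} for messages the heuristic flags."""
    return {key: [mod for mod, _, bad, _ in entries if bad]
            for key, entries in trace.items()
            if any(entry[2] for entry in entries)}

if __name__ == "__main__":
    for key, entries in module_trace(SAMPLE.splitlines()).items():
        print(key)
        for mod, typ, bad, msg in entries:
            print(f"  {'FAIL?' if bad else 'ok   '} {mod:<15} {typ:<8} {msg}")
```

Modules that log nothing at their current verbosity do not appear in the trace, which is where each module's debug option comes in.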
Palmer, Gerald | 3 Mar 2011 17:32

pam_env setting root PS1

It does not appear that you can use the "#" pound sign in any variable in the pam_env module.
It looks like any pound is interpreted as the beginning of a comment.

As a result one cannot set the prompt string "PS1" for root to the "#".
_______________________________________________
Pam-list mailing list
Pam-list@redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
Markus Scharitzer | 23 Mar 2011 13:47

pam_smb issue

Hi everybody!

I am having an issue regarding my PAM configuration. I am trying to sync my Unix/Samba passwords, but everything I found online doesn't help.

My system runs Gentoo/Samba 3.5.8 as PDC (roaming profiles host and so on), and WinXP clients. Domain join and login work fine, but I want to change the passwords from the Windows interface. When I try to change the password using the Windows "change password" dialog, I get an error saying that I don't have permissions to do so. It works fine from the Unix shell.

Samba log looks like:

[2011/03/23 12:06:05.149471, 2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password: authentication for user [xx] -> [xx] -> [xx] succeeded 
[2011/03/23 12:06:05.152839, 0] auth/pampass.c:699(smb_pam_chauthtok)
PAM: User not known to PAM
[2011/03/23 12:06:05.152863, 2] auth/pampass.c:77(smb_pam_error_handler)
smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module
[2011/03/23 12:06:05.152873, 0] auth/pampass.c:861(smb_pam_passchange)
  smb_pam_passchange: PAM: Password Change Failed for user xx! 
[2011/03/23 12:06:05.156622, 0] auth/pampass.c:699(smb_pam_chauthtok)
PAM: User not known to PAM
[2011/03/23 12:06:05.156637, 2] auth/pampass.c:77(smb_pam_error_handler)
smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module
[2011/03/23 12:06:05.156650, 0] auth/pampass.c:861(smb_pam_passchange)
  smb_pam_passchange: PAM: Password Change Failed for user xx! 
[2011/03/23 12:06:05.162118, 0] auth/pampass.c:699(smb_pam_chauthtok)
PAM: User not known to PAM
[2011/03/23 12:06:05.162133, 2] auth/pampass.c:77(smb_pam_error_handler)
smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module
[2011/03/23 12:06:05.162143, 0] auth/pampass.c:861(smb_pam_passchange)
  smb_pam_passchange: PAM: Password Change Failed for xx! 
[2011/03/23 12:06:05.165908, 0] auth/pampass.c:699(smb_pam_chauthtok)
PAM: User not known to PAM
[2011/03/23 12:06:05.165923, 2] auth/pampass.c:77(smb_pam_error_handler)
smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module
[2011/03/23 12:06:05.165932, 0] auth/pampass.c:861(smb_pam_passchange)
  smb_pam_passchange: PAM: Password Change Failed for user xx!

my smb.conf looks like:

unix password sync = yes
pam password change = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Re*ype*new*password* %n\n \
*passwd:*all*authentication*tokens*updated*successfully*

my pam-files look like:

samba:

@include system-auth
@include system-password

auth required pam_smbpass.so nodelay
account include system-auth
session include system-auth
password required pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf

system-auth:

auth required pam_env.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
auth optional pam_smbpass.so migrate

account required pam_unix.so
account optional pam_permit.so

password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
password required pam_smbpass.so nullok use_authok try_first_pass

session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so

system-password:

password requisite pam_unix.so nullok obscure min=4 max=8 md5
password required pam_smbpass.so nullok try_first_pass

Thanks kindly!

Best regards,

Markus