LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Why is pam_authenticate() returning "Authentication Failure" for valid user/passwd? (https://www.linuxquestions.org/questions/linux-newbie-8/why-is-pam_authenticate-returning-authentication-failure-for-valid-user-passwd-333136/)

jrsugar 06-13-2005 12:44 PM
Why is pam_authenticate() returning "Authentication Failure" for valid user/passwd?
 
I am new to managing my own Redhat Linux ES box.

I have added a login capability to a program I have written, asking the user to log in using a LINUX username and to supply the correct LINUX password. I have gotten a lot of help from pwauth source code.

The problem is, I can't get password authentication to work on my standalone LINUX ES box. I first wrote my user password authentication routine to use the routines getpwnam() and crypt() but that didn't work since /etc/passwd seems to only contain "x" for passwords. I see that /etc/shadow has the real password in it and am guessing my box is configured to use PAM for user password authentication.

I have modified my program to instead use PAM for password authentication the same way pwauth does: pam_start() followed by pam_authenticate(). The problem is that pam_authenticate always returns 'Authentication failure' even though I am using a valid username and password.

Is it possible my system is using shadow passwords without PAM?

I can supply my source code if it would help.

Thank you!
Julie

jrsugar 06-14-2005 11:45 AM
I am posting this in case it helps someone else in similar misery. There seem to very few PAM experts out there.

I found something last night that is now allowing pam_authenticate() to return PAM_SUCCESS and it was something in the /etc/pam.d directory. I needed to modify the file "other" which had pam_deny listed for all authorizations and I had to change them all to pam_unix:

OLD version of "other":
#%PAM-1.0
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_deny.so
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_deny.so

NEW version of other:
auth required /lib/security/$ISA/pam_unix.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis
session required /lib/security/$ISA/pam_unix.so

I modified "other" rather than creating an application-specific authorization file in here which I think is ok to do.

Tinkster 06-14-2005 02:49 PM
Please do not post the same thread in more than one forum. Picking the most relevant forum and posting it once there makes it easier for other members to help you and keeps the discussion all in one place.

http://www.linuxquestions.org/questi...hreadid=333213
http://www.linuxquestions.org/questi...hreadid=333221

http://www.linuxquestions.org/rules.php


I've closed this one despite the fact that it was the original one
since the one in Enterprise actually had a response.


All times are GMT -5. The time now is 01:01 AM.