LinuxQuestions.org
09-26-2007, 06:06 PM   #1
SVI
LQ Newbie
 
Registered: Sep 2007
Posts: 2

Rep: Reputation: 0
PAM Authentication Issue


Hi,
I have an application that authenticates users, but it only works when run as root, and when it's told to use PAM (doesn't work when it's told to use shadow file).

Users other than root are not able to run the application to authenticate users by either using shadow (kind of understandable as it needs root to see shadow) or PAM. So, a non-root user is unable to run the application to authenticate users.

The application uses the 'login' service.

This is what uname -a looks like:

Linux kamet 2.6.16.21-0.8-xen #1 SMP Mon Jul 3 18:25:39 UTC 2006 i686 i686 i386 GNU/Linux

login file (/etc/pam.d/login) is as follows:

################
#%PAM-1.0
#auth required pam_securetty.so
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
session required pam_lastlog.so nowtmp
session required pam_resmgr.so
session optional pam_mail.so standard
################

common-auth (/etc/pam.d/common-auth) is as follows:

################
#
auth required pam_env.so debug
auth required pam_unix2.so debug
################

nsswitch.conf (/etc/nsswitch.conf) is as follows:

################
passwd: files nis
shadow: files nis
group: files
################

PAM debug looks like this for FAILED scenario (xxxx is the name of the tool) when run as non-root and using PAM:

Sep 26 17:37:07 kamet xxxx: pam_unix2(login:auth): pam_sm_authenticate() called
Sep 26 17:37:07 kamet xxxx: pam_unix2(login:auth): username=[patqa2]
Sep 26 17:37:07 kamet xxxx: pam_unix2(login:auth): wrong password, return PAM_AUTH_ERR

########

and PAM debug looks like this for SUCCESS scenario (xxxx is the name of the tool) when run as root and using PAM:

Sep 26 17:42:57 kamet xxxx: pam_unix2(login:auth): pam_sm_authenticate() called
Sep 26 17:42:57 kamet xxxx: pam_unix2(login:auth): username=[patqa2]
Sep 26 17:42:58 kamet xxxx: pam_unix2(login:auth): pam_sm_authenticate: PAM_SUCCESS
Sep 26 17:42:58 kamet xxxx: pam_unix2(login:account): pam_sm_acct_mgmt() called
Sep 26 17:42:58 kamet xxxx: pam_unix2(login:account): username=[patqa2]
Sep 26 17:42:58 kamet xxxx: pam_unix2(login:account): expire() returned with 0

######

Quite obviously, the password is perfectly correct, and /etc/shadow has it as follows (patqa2 being the user name):
patqa2:$2a$10$AmVIpmoeKbGjeRUpMNxk2OVJWSnJRezLv3rH3o7oVFPeVHRCEr1hq:13782:0:99999:7:::

########

THE BIG QUESTION:
What's going on?
Any help would be greatly appreciated as I'm not really sure what's going on with this!
The tool is owned by the user patqa2.

Thanks much in advance.
Regards,
Sesh
 
09-27-2007, 08:48 AM   #2
winfinit
Member
 
Registered: Jul 2006
Location: FL, Delray Beach
Distribution: Slackware11, LFS
Posts: 67

Rep: Reputation: 15
Hmm, well, if the file doesn't have permission to access your PAM auth file then it will fail. It is like the shadow file in this case: you have the passwd (644) file that has read access for everybody, so any script can view it, and then passwd itself is owned by root and has permission to access shadow. So I assume you should have the same schema here, or what you can try to do is to change permissions for your PAM to 644 so it can be read by all users...

Hope that helps.
 
09-27-2007, 01:28 PM   #3
SVI
LQ Newbie
 
Registered: Sep 2007
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks, But...

That's not it...is there a limitation with SuSE that it won't let people use non-root (with setuid bit set) applications to use PAM effectively?

I have the same application on RH 5.0 that works fine (as also Solaris, HP, AIX - with PAM-Kerberos...)

Thanks.
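
Added example, not part of the thread and not the poster's application: a Python check of the condition the posts above circle around, namely which effective uid the tool gets from its setuid bit and whether that uid passes the mode-bit read check on the shadow file. The function names and the `/usr/local/bin/xxxx` default path are hypothetical; ACLs, `nosuid` mounts and security modules are not considered.

```python
import grp
import os
import pwd
import stat
import sys


def effective_uid_for(tool_path, caller_uid):
    """euid of the process when caller_uid executes tool_path."""
    st = os.stat(tool_path)
    # A setuid binary runs as the file's owner, which need not be root.
    return st.st_uid if st.st_mode & stat.S_ISUID else caller_uid


def groups_of(uid):
    """Primary and supplementary gids of uid; empty if uid has no passwd entry."""
    try:
        pw = pwd.getpwuid(uid)
    except KeyError:
        return set()
    extra = {g.gr_gid for g in grp.getgrall() if pw.pw_name in g.gr_mem}
    return extra | {pw.pw_gid}


def can_read(path, uid):
    """Mode-bit read check for uid on path (uid 0 bypasses the bits)."""
    st = os.stat(path)
    if uid == 0:
        return True
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in groups_of(uid):
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def diagnose(tool_path, caller_uid, shadow_path="/etc/shadow"):
    """Report the euid the tool runs with and whether that euid can read shadow."""
    euid = effective_uid_for(tool_path, caller_uid)
    return {"caller_uid": caller_uid, "euid": euid,
            "shadow_readable": can_read(shadow_path, euid)}


if __name__ == "__main__":
    # Hypothetical default path; pass the real tool path as the first argument.
    tool = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/bin/xxxx"
    print(diagnose(tool, os.getuid()))
```

Run it as the non-root user with the tool's path as the argument; an `euid` other than 0 together with `shadow_readable: False` means any in-process code that reads shadow entries is working without access to the stored hash.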
 
  


All times are GMT -5. The time now is 07:19 AM.
