Why is pam_authenticate() returning "Authentication Failure" for valid user/passwd?
I am new to managing my own Redhat Linux ES box.
I have added a login capability to a program I have written, asking the user to log in using a LINUX username and to supply the correct LINUX password. I have gotten a lot of help from pwauth source code. The problem is, I can't get password authentication to work on my standalone LINUX ES box. I first wrote my user password authentication routine to use the routines getpwnam() and crypt() but that didn't work since /etc/passwd seems to only contain "x" for passwords. I see that /etc/shadow has the real password in it and am guessing my box is configured to use PAM for user password authentication. I have modified my program to instead use PAM for password authentication the same way pwauth does: pam_start() followed by pam_authenticate(). The problem is that pam_authenticate always returns 'Authentication failure' even though I am using a valid username and password. Is it possible my system is using shadow passwords without PAM? I can supply my source code if it would help. Thank you! Julie |
No, you're probably using PAM. However, in /etc/pam.d/, there are configuration files for each service that is using PAM. I haven't used PAM before (programatically), but you might just need to add a file in there.
|
Thanks very much, David. I appreciate your response. I did find something last night that is now allowing pam_authenticate() to return PAM_SUCCESS and it was indeed something in the /etc/pam.d directory. I needed to modify the file "other" which had pam_deny listed for all authorizations and I had to change them all to pam_unix:
OLD version of "other": #%PAM-1.0 auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_deny.so password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_deny.so NEW version of other: auth required /lib/security/$ISA/pam_unix.so account required /lib/security/$ISA/pam_unix.so password required /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis session required /lib/security/$ISA/pam_unix.so I modified "other" rather than creating an application-specific authorization file in here which I think is ok to do. |
Solucion!!!!
I had the same problem, i open the file /etc/shadow and the user wasn't there. So i copy the user mail and rename the new entry. And that do the trick. Then i change the user password (passwd username).
|
All times are GMT -5. The time now is 02:41 PM. |