Why is pam_authenticate() returning "Authentication Failure" for valid user/passwd?
Linux - EnterpriseThis forum is for all items relating to using Linux in the Enterprise.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Why is pam_authenticate() returning "Authentication Failure" for valid user/passwd?
I am new to managing my own Redhat Linux ES box.
I have added a login capability to a program I have written, asking the user to log in using a LINUX username and to supply the correct LINUX password. I have gotten a lot of help from pwauth source code.
The problem is, I can't get password authentication to work on my standalone LINUX ES box. I first wrote my user password authentication routine to use the routines getpwnam() and crypt() but that didn't work since /etc/passwd seems to only contain "x" for passwords. I see that /etc/shadow has the real password in it and am guessing my box is configured to use PAM for user password authentication.
I have modified my program to instead use PAM for password authentication the same way pwauth does: pam_start() followed by pam_authenticate(). The problem is that pam_authenticate always returns 'Authentication failure' even though I am using a valid username and password.
Is it possible my system is using shadow passwords without PAM?
No, you're probably using PAM. However, in /etc/pam.d/, there are configuration files for each service that is using PAM. I haven't used PAM before (programatically), but you might just need to add a file in there.
Thanks very much, David. I appreciate your response. I did find something last night that is now allowing pam_authenticate() to return PAM_SUCCESS and it was indeed something in the /etc/pam.d directory. I needed to modify the file "other" which had pam_deny listed for all authorizations and I had to change them all to pam_unix:
OLD version of "other":
#%PAM-1.0
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_deny.so
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_deny.so
NEW version of other:
auth required /lib/security/$ISA/pam_unix.so
account required /lib/security/$ISA/pam_unix.so
password required /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis
session required /lib/security/$ISA/pam_unix.so
I modified "other" rather than creating an application-specific authorization file in here which I think is ok to do.
I had the same problem, i open the file /etc/shadow and the user wasn't there. So i copy the user mail and rename the new entry. And that do the trick. Then i change the user password (passwd username).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.