How to get around PAM_AUTHTOK_RECOVERY_ERR?
 

Hi,
Following is my environment :-
I created a user account called ADMIN1 with a password in RHEL 5
I verified that it is created properly by logging out and logging in as ADMIN1.
Now I have an application, wherein if I login as ADMIN1 and then the password which would allow me in the application.
This authentication takes place against the native Linux database i.e. /etc/passwd.
I have populated the file secspawn in /etc/pam.d/ with the following entries :-

auth required /lib/security/pam_warn.so
auth required /lib/security/pam_unix.so debug
account required /lib/security/pam_warn.so
account required /lib/security/pam_unix.so debug
password required /lib/security/pam_warn.so
password required /lib/security/pam_unix.so debug
session required /lib/security/pam_warn.so
session required /lib/security/pam_unix.so debug

After that I run my application wherein the pam_conv structure has a callback which is customised to my application.

Then for authentication we are using the same functions :-
i.e. pam_start(), pam_authenticate(), pam_acct_mgmt() etc.

Now I find that the pam_start returns successfully , I verified this
by checking the pamh which is of type pam_handle_t using
pam_get_item using PAM_USER as one of the types.
It gives me the correct user i.e. ADMIN1.
Similarly for PAM_SERVICE too i checked and it gave me the correct service i.e. secspawn.

However when it goes to pam_authenticate function it returns PAM_AUTHTOK_RECOVERY_ERR which means Authentication information cannot be recovered.

My question is what could be going wrong? How do I get around this error?
What checks do I need to do in order to see where I am getting stuck?

Please let me know

Regards,
Rajendra S.