Re: PAM rules inside pam.d
- From: Ivan Grover <ivangrvr299@xxxxxxxxx>
- Date: Fri, 27 Feb 2009 21:40:42 +0530
I debugged pam_unix aswell, it looks like
crypt function is giving different strings for telnet and my application
with same passwd string and salt. So i think the issue could be with crypt
library linked telnet and my application.
please let me know your thoughts
On Fri, Feb 27, 2009 at 7:48 PM, Ivan Grover <ivangrvr299@xxxxxxxxx> wrote:
Iam sorry my observation was wrong.
I debugged the problem, it looks strange, these are my findings :
I have my PAM rules for my service as
auth required /lib/security/pam_securetty.so
auth required pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
The pam_unix module returns authentication failure from pam_unix.so from
pam_stack.so , hence the control reaches pam_nologin.so.
The same rules work well with telnet/ftp , but fails for my service
I have checked the username, password passed to PAM module by changing the
sources of pam_nologin.so, they are proper. I didnt had sources for
pam_unix, so iam not able to detect the exact problem.
My suspect is that my application using my PAM service might have done some
fd leaks or any other problem. But the max fds open by my application are
185 which is still below max limit(OPEN_MAX)
Restarting the application resolves the problem and iam able to
can anyone help me what could be the problem.
Thanks and Best Regards,
On Wed, Feb 25, 2009 at 1:11 AM, Dag-Erling Smørgrav <des@xxxxxx> wrote:
Ivan Grover <ivangrvr299@xxxxxxxxx> writes:
Now, after upgrading PAM modules (pam_unix.so, pam_stack.so..) and
Upgrading from what to what?
Have you tried the standard debugging procedure?
Dag-Erling Smørgrav - des@xxxxxx
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Prev by Date: Re: PAM rules inside pam.d
- Previous by thread: Re: PAM rules inside pam.d