* [mdk-re] pam + openwebmail
@ 2002-03-12 17:08 Peter V. Saveliev
2002-03-12 17:32 ` Dmitry V. Levin
0 siblings, 1 reply; 7+ messages in thread
From: Peter V. Saveliev @ 2002-03-12 17:08 UTC (permalink / raw)
To: ALT Linux
Hello!
Прикручиваю openwebmail. Вариант с auth_unix отсох сразу,
пытаюсь задействовать auth_pam. Согласно инструциям
создал файл /etc/pam.d/openwebmail с содержимым:
8<------------------------------------------------------
#%PAM-1.0
auth required /lib/security/pam_tcb.so
account required /lib/security/pam_tcb.so
password required /lib/security/pam_tcb.so
8<------------------------------------------------------
pam_tcb.so подставлен взамен рекомендуемого pam_unix.so
В логах:
Mar 12 17:02:35 peet pam_tcb[16565]: Credentials for user nata unknown
Mar 12 17:02:35 peet pam_tcb[16565]: openwebmail: Authentication failed for UNKNOWN USER from (uid=96)
Вот как обстоит дело при su - nata:
Mar 12 17:07:23 peet pam_tcb[16749]: su: Authentication passed for nata from peet(uid=501)
Mar 12 17:07:23 peet pam_tcb[16749]: su: Session opened for nata by peet(uid=501)
Mar 12 17:07:23 peet pam_limits[16749]: checking if nata is in group root
Можно ли это исправить и как? Я _не_ специалист в pam, и,
более того, у меня не хватит времени с ним разбираться глубже
моего общеобразовательного уровня.
Заранее спасибо,
Петр.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [mdk-re] pam + openwebmail
2002-03-12 17:08 [mdk-re] pam + openwebmail Peter V. Saveliev
@ 2002-03-12 17:32 ` Dmitry V. Levin
2002-03-12 19:14 ` Peter V. Saveliev
2002-03-12 19:24 ` Peter V. Saveliev
0 siblings, 2 replies; 7+ messages in thread
From: Dmitry V. Levin @ 2002-03-12 17:32 UTC (permalink / raw)
To: ALT Linux Spring mailing list
[-- Attachment #1: Type: text/plain, Size: 1063 bytes --]
On Tue, Mar 12, 2002 at 05:18:15PM +0300, Peter V. Saveliev wrote:
> Прикручиваю openwebmail. Вариант с auth_unix отсох сразу,
> пытаюсь задействовать auth_pam. Согласно инструциям
> создал файл /etc/pam.d/openwebmail с содержимым:
>
> 8<------------------------------------------------------
> #%PAM-1.0
> auth required /lib/security/pam_tcb.so
> account required /lib/security/pam_tcb.so
> password required /lib/security/pam_tcb.so
> 8<------------------------------------------------------
>
> pam_tcb.so подставлен взамен рекомендуемого pam_unix.so
А теперь замените
/lib/security/pam_tcb.so
на
/lib/security/pam_stack.so service=system-auth
Regards,
Dmitry
+-------------------------------------------------------------------------+
Dmitry V. Levin mailto://ldv@alt-linux.org
ALT Linux Team http://www.altlinux.com/
Fandra Project http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [mdk-re] pam + openwebmail
2002-03-12 17:32 ` Dmitry V. Levin
@ 2002-03-12 19:14 ` Peter V. Saveliev
2002-03-12 19:24 ` Peter V. Saveliev
1 sibling, 0 replies; 7+ messages in thread
From: Peter V. Saveliev @ 2002-03-12 19:14 UTC (permalink / raw)
To: mandrake-russian
On Tue, 12 Mar 2002 17:44:41 +0300
"Dmitry V. Levin" <ldv@alt-linux.org> wrote:
> А теперь замените
> /lib/security/pam_tcb.so
> на
> /lib/security/pam_stack.so service=system-auth
то же, вид сбоку. Не верю я в чудеса: системный логин проходит,
а этот - нет. Строчки - те же. Может, где опечатался? Еще раз
проверю, но днем не работало.
Петр.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [mdk-re] pam + openwebmail
2002-03-12 17:32 ` Dmitry V. Levin
2002-03-12 19:14 ` Peter V. Saveliev
@ 2002-03-12 19:24 ` Peter V. Saveliev
2002-03-12 20:06 ` Dmitry V. Levin
1 sibling, 1 reply; 7+ messages in thread
From: Peter V. Saveliev @ 2002-03-12 19:24 UTC (permalink / raw)
To: mandrake-russian
Вот как выглядит файл в pam.d:
[peet@peet peet]$ ls -l /etc/pam.d/openwebmail
-rw-r--r-- 1 root root 233 Мар 12 17:05 /etc/pam.d/openwebmail
Вот что написано в модуле auth_pam для webmail:
8<-------------------------------------------------------------------------
my $pam_servicename="openwebmail";
my $pam_passwdfile="/etc/passwd";
8<-------------------------------------------------------------------------
Вот содержимое /etc/pam.d/openwebmail:
8<-------------------------------------------------------------------------
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
8<-------------------------------------------------------------------------
А вот содержимое логов:
8<-------------------------------------------------------------------------
Mar 12 19:26:02 peet pam_tcb[22346]: Credentials for user peet unknown
Mar 12 19:26:02 peet pam_tcb[22343]: openwebmail: Authentication failed for UNKNOWN USER from (uid=96)
8<-------------------------------------------------------------------------
Куда еще можно глянуть? Может, где debug level выставить?
Спасибо,
Петр.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [mdk-re] pam + openwebmail
2002-03-12 19:24 ` Peter V. Saveliev
@ 2002-03-12 20:06 ` Dmitry V. Levin
2002-03-12 22:40 ` Peter V. Saveliev
0 siblings, 1 reply; 7+ messages in thread
From: Dmitry V. Levin @ 2002-03-12 20:06 UTC (permalink / raw)
To: ALT Linux Spring mailing list
[-- Attachment #1: Type: text/plain, Size: 1908 bytes --]
On Tue, Mar 12, 2002 at 07:34:14PM +0300, Peter V. Saveliev wrote:
> Вот как выглядит файл в pam.d:
>
> [peet@peet peet]$ ls -l /etc/pam.d/openwebmail
> -rw-r--r-- 1 root root 233 Мар 12 17:05 /etc/pam.d/openwebmail
нормально
> Вот что написано в модуле auth_pam для webmail:
> 8<-------------------------------------------------------------------------
> my $pam_servicename="openwebmail";
> my $pam_passwdfile="/etc/passwd";
наличие упоминания "/etc/passwd" настораживает.
> Вот содержимое /etc/pam.d/openwebmail:
> 8<-------------------------------------------------------------------------
> #%PAM-1.0
> auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> 8<-------------------------------------------------------------------------
нормально
> А вот содержимое логов:
> 8<-------------------------------------------------------------------------
> Mar 12 19:26:02 peet pam_tcb[22346]: Credentials for user peet unknown
> Mar 12 19:26:02 peet pam_tcb[22343]: openwebmail: Authentication failed for UNKNOWN USER from (uid=96)
> 8<-------------------------------------------------------------------------
Как этот openwebmail работает с pam? Исходники есть?
> Куда еще можно глянуть? Может, где debug level выставить?
добавить
debug
в список параметров для pam_stack.so:
/lib/security/pam_stack.so service=system-auth debug
Regards,
Dmitry
+-------------------------------------------------------------------------+
Dmitry V. Levin mailto://ldv@alt-linux.org
ALT Linux Team http://www.altlinux.com/
Fandra Project http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [mdk-re] pam + openwebmail
2002-03-12 20:06 ` Dmitry V. Levin
@ 2002-03-12 22:40 ` Peter V. Saveliev
2002-03-13 2:54 ` Sergey Plyukhin
0 siblings, 1 reply; 7+ messages in thread
From: Peter V. Saveliev @ 2002-03-12 22:40 UTC (permalink / raw)
To: mandrake-russian
[-- Attachment #1: Type: text/plain, Size: 2807 bytes --]
Hello!
auth_pam - в аттаче. Это про исходники. Там совсем немного. А вот ответ
pam на добавление параметра debug во все три строчки /etc/pam.d/openwebmail:
Mar 12 22:44:00 peet pam_stack[6515]: called for "PAM_AUTHENTICATE"
Mar 12 22:44:00 peet pam_stack[6515]: called from "openwebmail"
Mar 12 22:44:00 peet pam_stack[6515]: initializing
Mar 12 22:44:00 peet pam_stack[6515]: creating child stack `system-auth'
Mar 12 22:44:00 peet pam_stack[6515]: creating environment
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_AUTHTOK to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_CONV to child
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_FAIL_DELAY to child: source not set
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_OLDAUTHTOK to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RHOST to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RUSER to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_SERVICE to child
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_TTY to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_USER to child
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_USER_PROMPT to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing data to child
Mar 12 22:44:00 peet pam_stack[6515]: calling substack
Mar 12 22:44:00 peet pam_tcb[6518]: Credentials for user nata unknown
Mar 12 22:44:00 peet pam_tcb[6515]: openwebmail: Authentication failed for UNKNOWN USER from (uid=96)
Mar 12 22:44:00 peet pam_stack[6515]: substack returned 9 (Authentication service cannot retrieve authentication info.)
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_AUTHTOK to parent
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_CONV to parent: destination already set
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_FAIL_DELAY to parent
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_OLDAUTHTOK to parent: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RHOST to parent: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RUSER to parent: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_SERVICE to parent
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_TTY to parent: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_USER to parent
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_USER_PROMPT to parent: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing data back
Mar 12 22:44:00 peet pam_stack[6515]: passing former back
Mar 12 22:44:00 peet pam_stack[6515]: returning 9 (Authentication service cannot retrieve authentication info.)
Mar 12 22:44:02 peet pam_stack[6515]: freeing stack data for `system-auth' service
Петр.
[-- Attachment #2: auth_pam.tar.gz --]
[-- Type: application/x-gzip, Size: 1427 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [mdk-re] pam + openwebmail
2002-03-12 22:40 ` Peter V. Saveliev
@ 2002-03-13 2:54 ` Sergey Plyukhin
0 siblings, 0 replies; 7+ messages in thread
From: Sergey Plyukhin @ 2002-03-13 2:54 UTC (permalink / raw)
To: mandrake-russian
Извините, что вмешиваюсь, но у меня абсолютно аналогичная проблема только
с vlock (и в X c блокировкой экрана). Уже и в BTS отправлял - без ответа.
при запуске vlock -пишет
pam_stack[5578]: called for "PAM_AUTHENTICATE"
pam_stack[5578]: called from "vlock"
pam_stack[5578]: initializing
pam_stack[5578]: creating child stack `system-auth'
pam_stack[5578]: creating environment
pam_stack[5578]: NOT passing PAM_AUTHTOK to child: source is NULL
pam_stack[5578]: passing PAM_CONV to child
pam_stack[5578]: NOT passing PAM_FAIL_DELAY to child: source not set
pam_stack[5578]: NOT passing PAM_OLDAUTHTOK to child: source is NULL
pam_stack[5578]: NOT passing PAM_RHOST to child: source is NULL
pam_stack[5578]: NOT passing PAM_RUSER to child: source is NULL
pam_stack[5578]: passing PAM_SERVICE to child
pam_stack[5578]: passing PAM_TTY to child
pam_stack[5578]: passing PAM_USER to child
pam_stack[5578]: NOT passing PAM_USER_PROMPT to child: source is NULL
pam_stack[5578]: passing data to child
pam_stack[5578]: calling substack
соответственно и не находит пользователя при запросе :-(
С наилучшими пожеланиями-
Сергей Плюхин=
On Tue, Mar 12, 2002 at 10:49:47PM +0300, Peter V. Saveliev wrote:
> Hello!
>
> auth_pam - в аттаче. Это про исходники. Там совсем немного. А вот ответ
> pam на добавление параметра debug во все три строчки /etc/pam.d/openwebmail:
>
> Mar 12 22:44:00 peet pam_stack[6515]: called for "PAM_AUTHENTICATE"
> Mar 12 22:44:00 peet pam_stack[6515]: called from "openwebmail"
> Mar 12 22:44:00 peet pam_stack[6515]: initializing
> Mar 12 22:44:00 peet pam_stack[6515]: creating child stack `system-auth'
> Mar 12 22:44:00 peet pam_stack[6515]: creating environment
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_AUTHTOK to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_CONV to child
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_FAIL_DELAY to child: source not set
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_OLDAUTHTOK to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RHOST to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RUSER to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_SERVICE to child
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_TTY to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_USER to child
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_USER_PROMPT to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing data to child
> Mar 12 22:44:00 peet pam_stack[6515]: calling substack
> Mar 12 22:44:00 peet pam_tcb[6518]: Credentials for user nata unknown
> Mar 12 22:44:00 peet pam_tcb[6515]: openwebmail: Authentication failed for UNKNOWN USER from (uid=96)
> Mar 12 22:44:00 peet pam_stack[6515]: substack returned 9 (Authentication service cannot retrieve authentication info.)
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_AUTHTOK to parent
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_CONV to parent: destination already set
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_FAIL_DELAY to parent
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_OLDAUTHTOK to parent: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RHOST to parent: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RUSER to parent: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_SERVICE to parent
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_TTY to parent: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_USER to parent
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_USER_PROMPT to parent: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing data back
> Mar 12 22:44:00 peet pam_stack[6515]: passing former back
> Mar 12 22:44:00 peet pam_stack[6515]: returning 9 (Authentication service cannot retrieve authentication info.)
> Mar 12 22:44:02 peet pam_stack[6515]: freeing stack data for `system-auth' service
>
> Петр.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2002-03-13 2:54 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-03-12 17:08 [mdk-re] pam + openwebmail Peter V. Saveliev
2002-03-12 17:32 ` Dmitry V. Levin
2002-03-12 19:14 ` Peter V. Saveliev
2002-03-12 19:24 ` Peter V. Saveliev
2002-03-12 20:06 ` Dmitry V. Levin
2002-03-12 22:40 ` Peter V. Saveliev
2002-03-13 2:54 ` Sergey Plyukhin
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git