ALT Linux Community general discussions
 help / color / mirror / Atom feed
* [mdk-re] pam + openwebmail
@ 2002-03-12 17:08 Peter V. Saveliev
  2002-03-12 17:32 ` Dmitry V. Levin
  0 siblings, 1 reply; 7+ messages in thread
From: Peter V. Saveliev @ 2002-03-12 17:08 UTC (permalink / raw)
  To: ALT Linux

Hello!

Прикручиваю openwebmail. Вариант с auth_unix отсох сразу,
пытаюсь задействовать auth_pam. Согласно инструциям
создал файл /etc/pam.d/openwebmail с содержимым:

8<------------------------------------------------------
#%PAM-1.0
auth    required        /lib/security/pam_tcb.so
account required        /lib/security/pam_tcb.so
password        required        /lib/security/pam_tcb.so
8<------------------------------------------------------

pam_tcb.so подставлен взамен рекомендуемого pam_unix.so

В логах:

Mar 12 17:02:35 peet pam_tcb[16565]: Credentials for user nata unknown
Mar 12 17:02:35 peet pam_tcb[16565]: openwebmail: Authentication failed for UNKNOWN USER from (uid=96)


Вот как обстоит дело при su - nata:

Mar 12 17:07:23 peet pam_tcb[16749]: su: Authentication passed for nata from peet(uid=501)
Mar 12 17:07:23 peet pam_tcb[16749]: su: Session opened for nata by peet(uid=501)
Mar 12 17:07:23 peet pam_limits[16749]: checking if nata is in group root


Можно ли это исправить и как? Я _не_ специалист в pam, и,
более того, у меня не хватит времени с ним разбираться глубже
моего общеобразовательного уровня.

Заранее спасибо,
Петр.



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [mdk-re] pam + openwebmail
  2002-03-12 17:08 [mdk-re] pam + openwebmail Peter V. Saveliev
@ 2002-03-12 17:32 ` Dmitry V. Levin
  2002-03-12 19:14   ` Peter V. Saveliev
  2002-03-12 19:24   ` Peter V. Saveliev
  0 siblings, 2 replies; 7+ messages in thread
From: Dmitry V. Levin @ 2002-03-12 17:32 UTC (permalink / raw)
  To: ALT Linux Spring mailing list

[-- Attachment #1: Type: text/plain, Size: 1063 bytes --]

On Tue, Mar 12, 2002 at 05:18:15PM +0300, Peter V. Saveliev wrote:
> Прикручиваю openwebmail. Вариант с auth_unix отсох сразу,
> пытаюсь задействовать auth_pam. Согласно инструциям
> создал файл /etc/pam.d/openwebmail с содержимым:
> 
> 8<------------------------------------------------------
> #%PAM-1.0
> auth    required        /lib/security/pam_tcb.so
> account required        /lib/security/pam_tcb.so
> password        required        /lib/security/pam_tcb.so
> 8<------------------------------------------------------
> 
> pam_tcb.so подставлен взамен рекомендуемого pam_unix.so

А теперь замените
/lib/security/pam_tcb.so
на
/lib/security/pam_stack.so service=system-auth


Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@alt-linux.org
ALT Linux Team      http://www.altlinux.com/
Fandra Project      http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [mdk-re] pam + openwebmail
  2002-03-12 17:32 ` Dmitry V. Levin
@ 2002-03-12 19:14   ` Peter V. Saveliev
  2002-03-12 19:24   ` Peter V. Saveliev
  1 sibling, 0 replies; 7+ messages in thread
From: Peter V. Saveliev @ 2002-03-12 19:14 UTC (permalink / raw)
  To: mandrake-russian

On Tue, 12 Mar 2002 17:44:41 +0300
"Dmitry V. Levin" <ldv@alt-linux.org> wrote:

> А теперь замените
> /lib/security/pam_tcb.so
> на
> /lib/security/pam_stack.so service=system-auth

то же, вид сбоку. Не верю я в чудеса: системный логин проходит,
а этот - нет. Строчки - те же. Может, где опечатался? Еще раз
проверю, но днем не работало.

Петр.



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [mdk-re] pam + openwebmail
  2002-03-12 17:32 ` Dmitry V. Levin
  2002-03-12 19:14   ` Peter V. Saveliev
@ 2002-03-12 19:24   ` Peter V. Saveliev
  2002-03-12 20:06     ` Dmitry V. Levin
  1 sibling, 1 reply; 7+ messages in thread
From: Peter V. Saveliev @ 2002-03-12 19:24 UTC (permalink / raw)
  To: mandrake-russian

Вот как выглядит файл в pam.d:

[peet@peet peet]$ ls -l /etc/pam.d/openwebmail
-rw-r--r--    1 root     root          233 Мар 12 17:05 /etc/pam.d/openwebmail

Вот что написано в модуле auth_pam для webmail:
8<-------------------------------------------------------------------------
my $pam_servicename="openwebmail";
my $pam_passwdfile="/etc/passwd";
8<-------------------------------------------------------------------------

Вот содержимое /etc/pam.d/openwebmail:
8<-------------------------------------------------------------------------
#%PAM-1.0
auth    required        /lib/security/pam_stack.so service=system-auth
account required        /lib/security/pam_stack.so service=system-auth
password        required        /lib/security/pam_stack.so service=system-auth
8<-------------------------------------------------------------------------

А вот содержимое логов:
8<-------------------------------------------------------------------------
Mar 12 19:26:02 peet pam_tcb[22346]: Credentials for user peet unknown
Mar 12 19:26:02 peet pam_tcb[22343]: openwebmail: Authentication failed for UNKNOWN USER from (uid=96)
8<-------------------------------------------------------------------------

Куда еще можно глянуть? Может, где debug level выставить?

Спасибо,
Петр.



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [mdk-re] pam + openwebmail
  2002-03-12 19:24   ` Peter V. Saveliev
@ 2002-03-12 20:06     ` Dmitry V. Levin
  2002-03-12 22:40       ` Peter V. Saveliev
  0 siblings, 1 reply; 7+ messages in thread
From: Dmitry V. Levin @ 2002-03-12 20:06 UTC (permalink / raw)
  To: ALT Linux Spring mailing list

[-- Attachment #1: Type: text/plain, Size: 1908 bytes --]

On Tue, Mar 12, 2002 at 07:34:14PM +0300, Peter V. Saveliev wrote:
> Вот как выглядит файл в pam.d:
> 
> [peet@peet peet]$ ls -l /etc/pam.d/openwebmail
> -rw-r--r--    1 root     root          233 Мар 12 17:05 /etc/pam.d/openwebmail

нормально

> Вот что написано в модуле auth_pam для webmail:
> 8<-------------------------------------------------------------------------
> my $pam_servicename="openwebmail";
> my $pam_passwdfile="/etc/passwd";

наличие упоминания "/etc/passwd" настораживает.

> Вот содержимое /etc/pam.d/openwebmail:
> 8<-------------------------------------------------------------------------
> #%PAM-1.0
> auth    required        /lib/security/pam_stack.so service=system-auth
> account required        /lib/security/pam_stack.so service=system-auth
> password        required        /lib/security/pam_stack.so service=system-auth
> 8<-------------------------------------------------------------------------

нормально

> А вот содержимое логов:
> 8<-------------------------------------------------------------------------
> Mar 12 19:26:02 peet pam_tcb[22346]: Credentials for user peet unknown
> Mar 12 19:26:02 peet pam_tcb[22343]: openwebmail: Authentication failed for UNKNOWN USER from (uid=96)
> 8<-------------------------------------------------------------------------

Как этот openwebmail работает с pam? Исходники есть?

> Куда еще можно глянуть? Может, где debug level выставить?

добавить
debug
в список параметров для pam_stack.so:
/lib/security/pam_stack.so service=system-auth debug


Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@alt-linux.org
ALT Linux Team      http://www.altlinux.com/
Fandra Project      http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [mdk-re] pam + openwebmail
  2002-03-12 20:06     ` Dmitry V. Levin
@ 2002-03-12 22:40       ` Peter V. Saveliev
  2002-03-13  2:54         ` Sergey Plyukhin
  0 siblings, 1 reply; 7+ messages in thread
From: Peter V. Saveliev @ 2002-03-12 22:40 UTC (permalink / raw)
  To: mandrake-russian

[-- Attachment #1: Type: text/plain, Size: 2807 bytes --]

Hello!

auth_pam  - в аттаче. Это про исходники. Там совсем немного. А вот ответ
pam на добавление параметра debug во все три строчки /etc/pam.d/openwebmail:

Mar 12 22:44:00 peet pam_stack[6515]: called for "PAM_AUTHENTICATE"
Mar 12 22:44:00 peet pam_stack[6515]: called from "openwebmail"
Mar 12 22:44:00 peet pam_stack[6515]: initializing
Mar 12 22:44:00 peet pam_stack[6515]: creating child stack `system-auth'
Mar 12 22:44:00 peet pam_stack[6515]: creating environment
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_AUTHTOK to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_CONV to child
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_FAIL_DELAY to child: source not set
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_OLDAUTHTOK to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RHOST to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RUSER to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_SERVICE to child
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_TTY to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_USER to child
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_USER_PROMPT to child: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing data to child
Mar 12 22:44:00 peet pam_stack[6515]: calling substack
Mar 12 22:44:00 peet pam_tcb[6518]: Credentials for user nata unknown
Mar 12 22:44:00 peet pam_tcb[6515]: openwebmail: Authentication failed for UNKNOWN USER from (uid=96)
Mar 12 22:44:00 peet pam_stack[6515]: substack returned 9 (Authentication service cannot retrieve authentication info.)
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_AUTHTOK to parent
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_CONV to parent: destination already set
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_FAIL_DELAY to parent
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_OLDAUTHTOK to parent: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RHOST to parent: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RUSER to parent: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_SERVICE to parent
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_TTY to parent: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_USER to parent
Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_USER_PROMPT to parent: source is NULL
Mar 12 22:44:00 peet pam_stack[6515]: passing data back
Mar 12 22:44:00 peet pam_stack[6515]: passing former back
Mar 12 22:44:00 peet pam_stack[6515]: returning 9 (Authentication service cannot retrieve authentication info.)
Mar 12 22:44:02 peet pam_stack[6515]: freeing stack data for `system-auth' service

Петр.

[-- Attachment #2: auth_pam.tar.gz --]
[-- Type: application/x-gzip, Size: 1427 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [mdk-re] pam + openwebmail
  2002-03-12 22:40       ` Peter V. Saveliev
@ 2002-03-13  2:54         ` Sergey Plyukhin
  0 siblings, 0 replies; 7+ messages in thread
From: Sergey Plyukhin @ 2002-03-13  2:54 UTC (permalink / raw)
  To: mandrake-russian

Извините, что вмешиваюсь, но у меня абсолютно аналогичная проблема только
с vlock (и в X c блокировкой экрана). Уже и в BTS отправлял - без ответа.

при запуске vlock -пишет

pam_stack[5578]: called for "PAM_AUTHENTICATE"
pam_stack[5578]: called from "vlock"
pam_stack[5578]: initializing
pam_stack[5578]: creating child stack `system-auth'
pam_stack[5578]: creating environment
pam_stack[5578]: NOT passing PAM_AUTHTOK to child: source is NULL
pam_stack[5578]: passing PAM_CONV to child
pam_stack[5578]: NOT passing PAM_FAIL_DELAY to child: source not set
pam_stack[5578]: NOT passing PAM_OLDAUTHTOK to child: source is NULL
pam_stack[5578]: NOT passing PAM_RHOST to child: source is NULL
pam_stack[5578]: NOT passing PAM_RUSER to child: source is NULL
pam_stack[5578]: passing PAM_SERVICE to child
pam_stack[5578]: passing PAM_TTY to child
pam_stack[5578]: passing PAM_USER to child
pam_stack[5578]: NOT passing PAM_USER_PROMPT to child: source is NULL
pam_stack[5578]: passing data to child
pam_stack[5578]: calling substack

соответственно и не находит пользователя при запросе :-(

С наилучшими пожеланиями-
Сергей Плюхин=

On Tue, Mar 12, 2002 at 10:49:47PM +0300, Peter V. Saveliev wrote:
> Hello!
> 
> auth_pam  - в аттаче. Это про исходники. Там совсем немного. А вот ответ
> pam на добавление параметра debug во все три строчки /etc/pam.d/openwebmail:
> 
> Mar 12 22:44:00 peet pam_stack[6515]: called for "PAM_AUTHENTICATE"
> Mar 12 22:44:00 peet pam_stack[6515]: called from "openwebmail"
> Mar 12 22:44:00 peet pam_stack[6515]: initializing
> Mar 12 22:44:00 peet pam_stack[6515]: creating child stack `system-auth'
> Mar 12 22:44:00 peet pam_stack[6515]: creating environment
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_AUTHTOK to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_CONV to child
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_FAIL_DELAY to child: source not set
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_OLDAUTHTOK to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RHOST to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RUSER to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_SERVICE to child
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_TTY to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_USER to child
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_USER_PROMPT to child: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing data to child
> Mar 12 22:44:00 peet pam_stack[6515]: calling substack
> Mar 12 22:44:00 peet pam_tcb[6518]: Credentials for user nata unknown
> Mar 12 22:44:00 peet pam_tcb[6515]: openwebmail: Authentication failed for UNKNOWN USER from (uid=96)
> Mar 12 22:44:00 peet pam_stack[6515]: substack returned 9 (Authentication service cannot retrieve authentication info.)
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_AUTHTOK to parent
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_CONV to parent: destination already set
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_FAIL_DELAY to parent
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_OLDAUTHTOK to parent: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RHOST to parent: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_RUSER to parent: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_SERVICE to parent
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_TTY to parent: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing PAM_USER to parent
> Mar 12 22:44:00 peet pam_stack[6515]: NOT passing PAM_USER_PROMPT to parent: source is NULL
> Mar 12 22:44:00 peet pam_stack[6515]: passing data back
> Mar 12 22:44:00 peet pam_stack[6515]: passing former back
> Mar 12 22:44:00 peet pam_stack[6515]: returning 9 (Authentication service cannot retrieve authentication info.)
> Mar 12 22:44:02 peet pam_stack[6515]: freeing stack data for `system-auth' service
> 
> Петр.




^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2002-03-13  2:54 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-03-12 17:08 [mdk-re] pam + openwebmail Peter V. Saveliev
2002-03-12 17:32 ` Dmitry V. Levin
2002-03-12 19:14   ` Peter V. Saveliev
2002-03-12 19:24   ` Peter V. Saveliev
2002-03-12 20:06     ` Dmitry V. Levin
2002-03-12 22:40       ` Peter V. Saveliev
2002-03-13  2:54         ` Sergey Plyukhin

ALT Linux Community general discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
		mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
	public-inbox-index community

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.community


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git