PAM rules inside pam.d
Ivan Grover
ivangrvr299 at gmail.com
Fri Feb 27 08:10:44 PST 2009
I debugged pam_unix aswell, it looks like
crypt function is giving different strings for telnet and my application
with same passwd string and salt. So i think the issue could be with crypt
library linked telnet and my application.
please let me know your thoughts
crypt(plaintext_ptr, salt);
On Fri, Feb 27, 2009 at 7:48 PM, Ivan Grover <ivangrvr299 at gmail.com> wrote:
> Hi,
> Iam sorry my observation was wrong.
>
> I debugged the problem, it looks strange, these are my findings :
>
> I have my PAM rules for my service as
>
> auth required /lib/security/pam_securetty.so
> auth required pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
>
> The pam_unix module returns authentication failure from pam_unix.so from
> pam_stack.so , hence the control reaches pam_nologin.so.
>
> The same rules work well with telnet/ftp , but fails for my service
>
> I have checked the username, password passed to PAM module by changing the
> sources of pam_nologin.so, they are proper. I didnt had sources for
> pam_unix, so iam not able to detect the exact problem.
>
> My suspect is that my application using my PAM service might have done some
> fd leaks or any other problem. But the max fds open by my application are
> 185 which is still below max limit(OPEN_MAX)
>
> Restarting the application resolves the problem and iam able to
> authenticate user
>
>
> can anyone help me what could be the problem.
>
>
> Thanks and Best Regards,
>
>
>
> On Wed, Feb 25, 2009 at 1:11 AM, Dag-Erling Smørgrav <des at des.no> wrote:
>
>> Ivan Grover <ivangrvr299 at gmail.com> writes:
>> > Now, after upgrading PAM modules (pam_unix.so, pam_stack.so..) and
>> > library [...]
>>
>> Upgrading from what to what?
>>
>> Have you tried the standard debugging procedure?
>>
>> DES
>> --
>> Dag-Erling Smørgrav - des at des.no
>>
>
>
More information about the freebsd-security
mailing list