OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Brian Clark (brianjfusionwerks.com)
Date: Thu Nov 01 2001 - 18:02:30 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    2:18:48 PM on 11/1/01, Solar Designer wrote:

    >> First I used AUTH_MAN_USERPASS, but it failed, so I switched it to
                         ^^^
                         Whoops. Too many man pages.

    SD> Did you install pam_userpass and stack it for popa3d? If not then
    SD> it couldn't have worked.

    Ah, OK I learned something new then. I'm not familiar with PAM enough
    to know what I'm looking for -- even if it explicitly says, "Talk to
    pam_userpass via Linux-PAM binary prompts." :-)

    >> Nov 1 14:18:10 cla PAM-warn[15217]: service: popa3d [on terminal: <unknown>]
    >> Nov 1 14:18:10 cla PAM-warn[15217]: user: (uid=0) -> foo [remote: ?nobody?nowhere]

    SD> You seem to have pam_warn somewhere in the PAM stack for popa3d.
    SD> Why, do you need it?

    I guess that would be this?

    % egrep -i pam_warn /etc/pam.d/*
    /etc/pam.d/other:auth required /lib/security/pam_warn.so
    /etc/pam.d/other:account required /lib/security/pam_warn.so
    /etc/pam.d/other:password required /lib/security/pam_warn.so
    /etc/pam.d/other:session required /lib/security/pam_warn.so

    If that is correct, then I'm also guessing I need to create a file
    called popa3d under /etc/pam.d with something like this?

    auth required /lib/security/pam_unix.so
    auth required /lib/security/pam_unix.so shadow use_first_pass
    account required /lib/security/pam_unix.so

    If I'm using md5, does md5 need to be on any of those lines, or is
    that only for applications capable of changing a password?

    Is it preferred to use AUTH_PAM_USERPASS over regular AUTH_PAM?

    In your example for pam_userpass, I see:

    auth required /lib/security/pam_userpass.so
    auth required /lib/security/pam_pwdb.so shadow use_first_pass
    account required /lib/security/pam_pwdb.so

    But I don't have pam_pwdb on the system.

    (Sorry for all the stupid newbie questions; PAM is confusing -- even
    after having read the docs the best I could)

    -Brian

    _______________________________________________
    Pam-list mailing list
    Pam-listredhat.com
    https://listman.redhat.com/mailman/listinfo/pam-list