OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Quick question about stack...

From: Thorsten Kukuk (kukuksuse.de)
Date: Mon Aug 03 2009 - 12:13:24 CDT


On Mon, Aug 03, Jason Gerfen wrote:

> Thorsten Kukuk wrote:
> > On Mon, Aug 03, Jason Gerfen wrote:
> >
> >> I have a quick question regarding the pam stack.
> >>
> >> The reason I am asking is I am receiving errors and am unable to figure
> >> out which module is logging the 'UNKNOWN' user message. I used to think
> >> it was the pam_unix module but it seems I am wrong.
> >>
> >> Here is a quick snippit of the log (/var/log/auth.log)
> >> Aug 3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth): check
> >> pass; user unknown
> >> Aug 3 12:08:51 Gentoo-x86 login[20736]: pam_unix(login:auth):
> >> authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
     ^^^^^^^^^^^^^^^^^^^^^^^

> >> Aug 3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: searching
> >> 'ou=campus,dc=search,dc=domain,dc=com' for 'testuser'...
> >> Aug 3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: found
> >> 'testuser' in 'ad', proceeding to resolve to uid/gid pair...
> >> Aug 3 12:08:51 Gentoo-x86 login[20736]: pam_krb5[20736]: authentication
> >> succeeds for 'testuser' (testuserUTAH.EDU)
> >> Aug 3 12:08:54 Gentoo-x86 login[20736]: FAILED LOGIN (1) on 'tty1' FOR
> >> `UNKNOWN', User not known to the underlying authentication module
> >>
> >> Not sure what module is sending that last line to the logs. Any help is
> >> appreciated.
> >
> > The login application itself, as result of the pam_unix failure.
> >
> > Thorsten
> >
> So at least one module is not returning the PAM_SUCCESS flag?

If a module reports an authentication error, it will of course
not return the PAM_SUCCESS flag.

  Thorsten

--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://www.redhat.com/mailman/listinfo/pam-list