

9 messages in net.sourceforge.lists.courier-users: Re: [courier-users] authshadow

| From | Sent On | Attachments |
|---|---|---|
| nicholas cole | Jul 22, 2000 1:08 am | |
| Michael S. Fischer | Jul 22, 2000 2:36 am | |
| HIROSHI OOTA | Jul 22, 2000 4:07 am | |
| Michael S. Fischer | Jul 22, 2000 11:16 am | |
| nicholas cole | Jul 22, 2000 2:56 pm | |
| nicholas cole | Jul 22, 2000 3:34 pm | |
| HIROSHI OOTA | Jul 22, 2000 9:12 pm | |
| Michael S. Fischer | Jul 22, 2000 10:06 pm | |
| nicholas cole | Jul 23, 2000 12:40 am | |

| Subject: | Re: [courier-users] authshadow | |
|---|---|---|
| From: | nicholas cole (ni...@profile.com) | |
| Date: | Jul 23, 2000 12:40:14 am | |
| List: | net.sourceforge.lists.courier-users | |

I'm using FreeBSD 4.0 Release. Now I'm trying to get authshadow working with no success. First off, FreeBSD uses /etc/master.password, and not /etc/shadow, so for the moment I've copied /etc/master.password to /etc/shadow in case that makes a difference?
Use authpam for freebsd, don't use authshadow.
Ok, here goes my problem with using authpam. For starters, I did look in /usr/src/contrib/libpam/README and it does say it's PAM 0.65. And, I'm pretty sure that pam_unix.so also handles sessions. Take a look at http://www.proftpd.net/docs/proftpdfaq-8.html#ss8.5 It says pam_sm_open_session is in PAM 0.59+, so I'm lost as to why I'm getting the following errors?
Here's a snip of my /etc/pam.conf:

    pop3 auth required pam_unix.so try_first_pass
    pop3 account required pam_unix.so try_first_pass
    pop3 session required pam_unix.so try_first_pass

Here's a snip of my maillog when I try to login via pop3:

    Jul 22 14:46:57 cornfed courierpop3login: Connection, ip=[63.196.194.78]
    Jul 22 14:47:08 cornfed courierpop3login: LOGIN FAILED, ip=[63.196.194.78]

Here's a snip of my messages log when I try to login via pop3:

    Jul 22 14:47:03 cornfed authpam: unable to resolve symbol: pam_sm_open_session
    Jul 22 14:47:03 cornfed authpam: unable to resolve symbol: pam_sm_close_session

How does your pam.conf specify things like "login", or "ppp"?
Do you have a separate pam_unix_session.so?
My PAM, PAM 0.72 also has a dummy module pam_permit.so, which accepts pretty much everything. Obviously you don't want to stick it in randomly, all over the place, however it might do the trick for account and session.
No, I don't have a pam_unix_session.so, just pam_unix.so, and PAM 0.65 does have pam_permit. So, I replaced pam_unix.so with pam_permit.so in the line "pop3 session required pam_unix.so try_first_pass", and I logged in successfully!!
Now what am I going to be missing with using pam_permit in place of pam_unix for courier sessions?
Well, nothing, probably. The session calls are just what they are - session calls. The PAM client, in this case Courier, calls the session start and stop functions when a session starts and stops. PAM modules can do whatever they want, usually they do logging, and such. So you will probably lose some kind of logging. Also some PAM modules may use a session hook to do some checking for locked out accounts, and then fail the session calls, keeping locked accounts off the system. Stuff like that.
Just make sure you don't, by accident, stuff pam_permit.so somewhere else other than session. Always make sure that you don't wind up with any password being accepted for any account.
Well I've been going through FreeBSD's PAM source code, and I don't see anything in the modules I use that'll be affected by not having sessions...
And yes, when I play with my PAM setup, I'm very careful to check everything for any mysteries... Thanks Again Sam...
-- nicholas cole
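
Added example, not part of the original thread: a check for the caution given above, that pam_permit.so must not end up anywhere other than session. It assumes the single-file pam.conf layout quoted in the message (service, type, control, module path, arguments); the function names and the imap lines in the sample are constructed for illustration.

```shell
#!/bin/sh
# Audit a pam.conf-style file for pam_permit.so used outside the "session" type.
# Assumed line format: service  type  control  module-path  [args...]

# Prints "service type line=N" for each finding; exit status is 1 if any
# finding exists, 0 if the file is clean.
audit_pam_permit() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
        {
            type = tolower($2)
            n = split($4, parts, "/")           # accept bare name or full path
            module = parts[n]
            if (module == "pam_permit.so" && type != "session") {
                printf "%s %s line=%d\n", $1, type, NR
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the pop3 lines follow the thread (session switched to
# pam_permit.so); the imap lines are invented to show a dangerous auth entry.
sample_conf() {
    cat <<'EOF'
# constructed sample pam.conf
pop3  auth     required  pam_unix.so    try_first_pass
pop3  account  required  pam_unix.so    try_first_pass
pop3  session  required  pam_permit.so
imap  auth     required  /usr/lib/pam_permit.so
imap  session  required  pam_permit.so
EOF
}

# Stand-alone use: pass the file to audit as the first argument.
[ "$#" -eq 0 ] || audit_pam_permit "$1"
```

On the constructed sample, only the imap auth line is reported; the two session entries pass.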







