Date: Fri, 27 Feb 2009 21:40:42 +0530 From: Ivan Grover <ivangrvr299@gmail.com> To: =?ISO-8859-1?Q?Dag=2DErling_Sm=F8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org Subject: Re: PAM rules inside pam.d Message-ID: <670f29e20902270810h22adc102rd9500d74208b1f11@mail.gmail.com> In-Reply-To: <670f29e20902270618m23eed4acg15a8a3e7b43fe327@mail.gmail.com> References: <670f29e20902240717m49f53bfx67166c151c01384b@mail.gmail.com> <86eixnfwr2.fsf@ds4.des.no> <670f29e20902270618m23eed4acg15a8a3e7b43fe327@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I debugged pam_unix aswell, it looks like crypt function is giving different strings for telnet and my application with same passwd string and salt. So i think the issue could be with crypt library linked telnet and my application. please let me know your thoughts crypt(plaintext_ptr, salt); On Fri, Feb 27, 2009 at 7:48 PM, Ivan Grover <ivangrvr299@gmail.com> wrote: > Hi, > Iam sorry my observation was wrong. > > I debugged the problem, it looks strange, these are my findings : > > I have my PAM rules for my service as > > auth required /lib/security/pam_securetty.so > auth required pam_stack.so service=3Dsystem-auth > auth required /lib/security/pam_nologin.so > > The pam_unix module returns authentication failure from pam_unix.so from > pam_stack.so , hence the control reaches pam_nologin.so. > > The same rules work well with telnet/ftp , but fails for my service > > I have checked the username, password passed to PAM module by changing th= e > sources of pam_nologin.so, they are proper. I didnt had sources for > pam_unix, so iam not able to detect the exact problem. > > My suspect is that my application using my PAM service might have done so= me > fd leaks or any other problem. But the max fds open by my application are > 185 which is still below max limit(OPEN_MAX) > > Restarting the application resolves the problem and iam able to > authenticate user > > > can anyone help me what could be the problem. > > > Thanks and Best Regards, > > > > On Wed, Feb 25, 2009 at 1:11 AM, Dag-Erling Sm=F8rgrav <des@des.no> wrote= : > >> Ivan Grover <ivangrvr299@gmail.com> writes: >> > Now, after upgrading PAM modules (pam_unix.so, pam_stack.so..) and >> > library [...] >> >> Upgrading from what to what? >> >> Have you tried the standard debugging procedure? >> >> DES >> -- >> Dag-Erling Sm=F8rgrav - des@des.no >> > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?670f29e20902270810h22adc102rd9500d74208b1f11>