Date: Sat, 16 Mar 2019 00:00:52 -0900
From: Patrick Mahan <plmahan@gmail.com>
To: User Questions <freebsd-questions@freebsd.org>
Subject: Understanding PAM debug output
Message-ID: <CAFDHx1K9xYXTdREavv4D8sRtAUHG2K=9D2PeW51fJ5UzQe8ubg@mail.gmail.com>
All,
FreeBSD 11.2-Release-p7
I am debugging an authentication problem with /usr/lib/pam_unix.so.6.  I
have pam.d service setup with -
auth            required        pam_unix.so             debug nullok local_pass
account         required        pam_unix.so             debug try_first_pass local_pass
Yet, my application is failing.  Looking at the output from
/var/log/debug.log I see -
Mar 17 14:54:41 ns auth: in pam_vprompt(): entering
Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_CONV
Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_vprompt(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_set_item(): entering: PAM_AUTHTOK
Mar 17 14:54:41 ns auth: in pam_set_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_AUTHTOK
Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_get_authtok(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_sm_authenticate(): Got password
Mar 17 14:54:41 ns auth: in openpam_get_option(): entering: 'no_warn'
Mar 17 14:54:41 ns auth: in openpam_get_option(): returning NULL
Mar 17 14:54:41 ns auth: in pam_vprompt(): entering
Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_CONV
Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_vprompt(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in openpam_dispatch(): /usr/lib/pam_unix.so.6: pam_sm_authenticate(): authentication error
However, looking at the sources for /usr/lib/pam_unix.so.6 I see that there
should also be a log message for "Got user:" at line 105 in
/usr/src/lib/libpam/modules/pam_unix/pam_unix.c.
Am I looking at the wrong code?  Doing a recursive grep under /usr/src
looking for "Got password" turns up -
root@ns:/usr/src # find . -name "*.c" -exec grep -H "Got password" {} \;
./lib/libpam/modules/pam_krb5/pam_krb5.c:       PAM_LOG("Got password");
./lib/libpam/modules/pam_krb5/pam_krb5.c:       PAM_LOG("Got password");
./lib/libpam/modules/pam_unix/pam_unix.c:       PAM_LOG("Got password");
./lib/libpam/modules/pam_radius/pam_radius.c:   PAM_LOG("Got password");
So am I looking at the wrong source code?
Thanks,
Patrick
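
An added example, not part of the original message: a small Python parser for debug.log lines in the format quoted above. It rejoins wrapped entries, separates module messages from the entering/returning trace, and reports which expected messages (here "Got user" and "Got password") never appear. The function names and the rule that anything other than entering/returning is a module message are assumptions of this example.

```python
import re

# Constructed sample: debug.log lines in the format quoted in the message,
# including one entry that mail wrapping split across two lines.
SAMPLE = """\
Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_AUTHTOK
Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_get_authtok(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_sm_authenticate(): Got password
Mar 17 14:54:41 ns auth: in openpam_dispatch(): /usr/lib/pam_unix.so.6:
pam_sm_authenticate(): authentication error
"""

STAMP = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"   # syslog timestamp
ENTRY = re.compile(
    r"^(?P<ts>" + STAMP + r") (?P<host>\S+) (?P<tag>[^:]+): "
    r"in (?P<func>\w+)\(\): (?P<msg>.*)$")
DISPATCH = re.compile(r"^(\S+): (\w+)\(\): (.*)$")  # module: function(): result


def parse(text):
    """Rejoin wrapped lines, then split each entry into its fields."""
    joined = []
    for line in text.splitlines():
        if re.match(STAMP + " ", line) or not joined:
            joined.append(line)
        elif line.strip():
            joined[-1] += " " + line.strip()  # continuation of a wrapped entry
    return [m.groupdict() for m in map(ENTRY.match, joined) if m]


def summarize(entries, expected=("Got user", "Got password")):
    """Assumption: non entering/returning lines are module log messages."""
    module_msgs, dispatch = [], []
    for e in entries:
        d = DISPATCH.match(e["msg"])
        if e["func"] == "openpam_dispatch" and d:
            dispatch.append(d.groups())
        elif not e["msg"].startswith(("entering", "returning")):
            module_msgs.append((e["func"], e["msg"]))
    missing = [x for x in expected
               if not any(m.startswith(x) for _, m in module_msgs)]
    return {"module_msgs": module_msgs, "dispatch": dispatch, "missing": missing}


if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```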
