Date: Sat, 16 Mar 2019 00:00:52 -0900 From: Patrick Mahan <plmahan@gmail.com> To: User Questions <freebsd-questions@freebsd.org> Subject: Understanding PAM debug output Message-ID: <CAFDHx1K9xYXTdREavv4D8sRtAUHG2K=9D2PeW51fJ5UzQe8ubg@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
All, FreeBSD 11.2-Release-p7 I am debugging an authentication problem with /usr/lib/pam_unix.so.6. I have pam.d service setup with - auth required pam_unix.so debug nullok local_pass account required pam_unix.so debug try_first_pass local_pass Yet, my application is failing. Looking at the output from /var/log/debug.log I see - Mar 17 14:54:41 ns auth: in pam_vprompt(): entering Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_CONV Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS Mar 17 14:54:41 ns auth: in pam_vprompt(): returning PAM_SUCCESS Mar 17 14:54:41 ns auth: in pam_set_item(): entering: PAM_AUTHTOK Mar 17 14:54:41 ns auth: in pam_set_item(): returning PAM_SUCCESS Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_AUTHTOK Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS Mar 17 14:54:41 ns auth: in pam_get_authtok(): returning PAM_SUCCESS Mar 17 14:54:41 ns auth: in pam_sm_authenticate(): Got password Mar 17 14:54:41 ns auth: in openpam_get_option(): entering: 'no_warn' Mar 17 14:54:41 ns auth: in openpam_get_option(): returning NULL Mar 17 14:54:41 ns auth: in pam_vprompt(): entering Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_CONV Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS Mar 17 14:54:41 ns auth: in pam_vprompt(): returning PAM_SUCCESS Mar 17 14:54:41 ns auth: in openpam_dispatch(): /usr/lib/pam_unix.so.6: pam_sm_authenticate(): authentication error However, looking at the sources for /usr/lib/pam_unix.so.6 I see that there should also be a log message for "Got user:" at line 105 in /usr/src/lib/libpam/modules/pam_unix/pam_unix.c. Am I looking at the wrong code? Doing a recursive grep under /usr/src looking for "Got password" turns up - root@ns:/usr/src # find . -name "*.c" -exec grep -H "Got password" {} \; ./lib/libpam/modules/pam_krb5/pam_krb5.c: PAM_LOG("Got password"); ./lib/libpam/modules/pam_krb5/pam_krb5.c: PAM_LOG("Got password"); ./lib/libpam/modules/pam_unix/pam_unix.c: PAM_LOG("Got password"); ./lib/libpam/modules/pam_radius/pam_radius.c: PAM_LOG("Got password"); So am I looking at the wrong source code? Thanks, Patrick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFDHx1K9xYXTdREavv4D8sRtAUHG2K=9D2PeW51fJ5UzQe8ubg>