Date: Fri, 27 Feb 2009 19:48:41 +0530 From: Ivan Grover <ivangrvr299@gmail.com> To: =?ISO-8859-1?Q?Dag=2DErling_Sm=F8rgrav?= <des@des.no> Cc: freebsd-security@freebsd.org Subject: Re: PAM rules inside pam.d Message-ID: <670f29e20902270618m23eed4acg15a8a3e7b43fe327@mail.gmail.com> In-Reply-To: <86eixnfwr2.fsf@ds4.des.no> References: <670f29e20902240717m49f53bfx67166c151c01384b@mail.gmail.com> <86eixnfwr2.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Iam sorry my observation was wrong. I debugged the problem, it looks strange, these are my findings : I have my PAM rules for my service as auth required /lib/security/pam_securetty.so auth required pam_stack.so service=3Dsystem-auth auth required /lib/security/pam_nologin.so The pam_unix module returns authentication failure from pam_unix.so from pam_stack.so , hence the control reaches pam_nologin.so. The same rules work well with telnet/ftp , but fails for my service I have checked the username, password passed to PAM module by changing the sources of pam_nologin.so, they are proper. I didnt had sources for pam_unix, so iam not able to detect the exact problem. My suspect is that my application using my PAM service might have done some fd leaks or any other problem. But the max fds open by my application are 185 which is still below max limit(OPEN_MAX) Restarting the application resolves the problem and iam able to authenticat= e user can anyone help me what could be the problem. Thanks and Best Regards, On Wed, Feb 25, 2009 at 1:11 AM, Dag-Erling Sm=F8rgrav <des@des.no> wrote: > Ivan Grover <ivangrvr299@gmail.com> writes: > > Now, after upgrading PAM modules (pam_unix.so, pam_stack.so..) and > > library [...] > > Upgrading from what to what? > > Have you tried the standard debugging procedure? > > DES > -- > Dag-Erling Sm=F8rgrav - des@des.no >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?670f29e20902270618m23eed4acg15a8a3e7b43fe327>