[Catalyst] Auth::PAM??

Michael Higgins linux at evolone.org
Fri Nov 14 20:24:54 GMT 2008


On Fri, 14 Nov 2008 09:50:41 +0100
Jose Luis Martinez <jlmartinez-lists-catalyst at capside.com> wrote:

> Michael Higgins escribió:
> > 
> > __PACKAGE ...

[8<]

> See:
> http://search.cpan.org/~chansen/Authen-Simple-PAM-0.2/lib/Authen/Simple/PAM.pm 
> for what to put in "args".
> 
> The way you have it configured above, Catalyst is trying to read the 
> shadow file directly, and that shouldn't be possible (only readable
> by root), hence the error message.
> 

OK, thanks for that hint. Works great. Problem is... okay, was. Well, maybe still is...

What I'm intending to do is extend a setup for a small office. I have several mail users who have /sbin/nologin as their shell and are authzd against saslauthd on a server. They too will use this app and already have some auth mechanism....

But of course the 'login' service doesn't work for them. Anyway, I had to learn a bit about PAM.

For some reason running under sudo means my /nologin folks can log in using almost any other configured service you'd expect they should... but only 'login' works running under my regular user. Of course, it won't work for these folks without shells. I tried every service I could find reference to until I tried running under sudo. Suddenly all these different methods worked:

Errors with my nologin user, and running Cat server under my own user and 'system-auth' service:

Nov 14 11:48:04 lappy unix_chkpwd[19322]: check pass; user unknown
Nov 14 12:01:08 lappy unix_chkpwd[19404]: password check failed for user (test)
Nov 14 12:01:08 lappy perl: pam_unix(system-auth:auth): authentication failure; logname=mykhyggz uid=1000 euid=1000 tty= ruser= rhost=  user=test

but running under 'sudo', I get no errors for myself or my test user, until throwing bogus credentials:

Nov 14 12:01:54 lappy perl: pam_unix(system-auth:auth): check pass; user unknown
Nov 14 12:01:54 lappy perl: pam_unix(system-auth:auth): authentication failure; logname=mykhyggz uid=0 euid=0 tty= ruser= rhost= 

Is there something fundamental here I'm missing? Is there some other pam-enabled binary or service I need to install other than 'login' that would be appropriate... or like that? '-)

Any pointer in the right direction would be appreciated.

Cheers,

-- 
 |\  /|        |   |          ~ ~  
 | \/ |        |---|          `|` ?
 |    |ichael  |   |iggins    \^ /
 michael.higgins[at]evolone[dot]org
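
The syslog lines quoted in the message can be triaged mechanically. The script below is an added example, not part of the original post or of Catalyst or Authen::Simple. It parses the pam_unix failure records and separates failures raised by a non-root caller (where pam_unix has to rely on the setuid unix_chkpwd helper, which verifies only the password of the current user) from failures raised by a root caller. The function names and verdict labels are hypothetical.

```python
import re

# Syslog lines quoted verbatim in the message above.
SAMPLE = """\
Nov 14 11:48:04 lappy unix_chkpwd[19322]: check pass; user unknown
Nov 14 12:01:08 lappy unix_chkpwd[19404]: password check failed for user (test)
Nov 14 12:01:08 lappy perl: pam_unix(system-auth:auth): authentication failure; logname=mykhyggz uid=1000 euid=1000 tty= ruser= rhost=  user=test
Nov 14 12:01:54 lappy perl: pam_unix(system-auth:auth): check pass; user unknown
Nov 14 12:01:54 lappy perl: pam_unix(system-auth:auth): authentication failure; logname=mykhyggz uid=0 euid=0 tty= ruser= rhost=
"""

FAILURE = re.compile(r"^(?P<time>\w{3}\s+\d+ [\d:]{8}) \S+ \S+ "
                     r"pam_unix\((?P<service>[^:)]+):auth\): authentication failure; (?P<kv>.*)$")
HELPER = re.compile(r" unix_chkpwd\[\d+\]: ")


def verdict(euid, logname, user):
    """Label a failure by who asked pam_unix to check the password."""
    if user is None:
        who = "unknown user"       # pam_unix logged no user= value
    elif user == logname:
        who = "own account"
    else:
        # Assumption: logname (session login name) stands in for the caller's account.
        who = "other account"
    return ("root caller" if euid == 0 else "non-root caller") + ", " + who


def triage(text):
    """Return (failures, helper_lines) for a block of syslog text."""
    failures, helper_lines = [], 0
    for line in text.splitlines():
        if HELPER.search(line):
            helper_lines += 1      # password check was delegated to unix_chkpwd
            continue
        m = FAILURE.match(line)
        if not m:
            continue
        kv = dict(re.findall(r"(\w+)=(\S*)", m["kv"]))
        user = kv.get("user") or None
        euid = int(kv["euid"])
        failures.append({"time": m["time"], "service": m["service"], "euid": euid,
                         "user": user, "verdict": verdict(euid, kv.get("logname"), user)})
    return failures, helper_lines


if __name__ == "__main__":
    found, helpers = triage(SAMPLE)
    for f in found:
        print(f["time"], f["service"], f"euid={f['euid']}", f"user={f['user']}", f["verdict"])
    print("unix_chkpwd helper lines:", helpers)
```
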


