Article delegate-en/2653 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A2651@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Problem with PAM authentication
15 Jun 2004 08:56:59 GMT Jehan-Guillaume de Rorthais <p4edabdyi-dyd2yvdknoxr.ml@ml.delegate.org>


Hello,

Thanks for your time Yutaka...

Your second more complete test program works on my server (debian r3.0 up-to-date).
As Root :
    frpa01proxy:/tmp# cc pam.c -lpam
    frpa01proxy:/tmp# passwd adminjrr
    Enter new UNIX password: deletest
    Retype new UNIX password: deletest
    passwd: password updated successfully
    frpa01proxy:/tmp# ./a.out passwd adminjrr wrongpass
    ## pam_authenticate [passwd][adminjrr] = 7
    frpa01proxy:/tmp# ./a.out passwd adminjrr deletest
    ## pam_authenticate [passwd][adminjrr] = 0

As User within groups root, bin, sys, adm, staff & sudo :
    adminjrr@frpa01proxy:/tmp$ ./a.out passwd adminjrr wrongpass
    ## pam_authenticate [passwd][adminjrr] = 7
    adminjrr@frpa01proxy:/tmp$ ./a.out passwd adminjrr deletest
    ## pam_authenticate [passwd][adminjrr] = 0

But, as delegate system user :
    delegate@frpa01proxy:/tmp$ ./a.out passwd adminjrr wrongpass
    ## pam_authenticate [passwd][adminjrr] = 7
    delegate@frpa01proxy:/tmp$ ./a.out passwd adminjrr deletest
    ## pam_authenticate [passwd][adminjrr] = 7

I think that the third test failed because of a right issue and that your dgpam
program bypass with the suid/sgid bits right ?

I re-built delegate because I installed new dev packets of pam...But it still
doesn't works.

I don't know which information you need right now...Here some ldd results :
    frpa01proxy:/usr/local/+delegate8.9.2/src# ldd delegated
            libnsl.so.1 => /lib/libnsl.so.1 (0x40017000)
            libc.so.6 => /lib/libc.so.6 (0x4002b000)
            /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

    frpa01proxy:/usr/local/+delegate8.9.2/src# ldd dgpam
            libnsl.so.1 => /lib/libnsl.so.1 (0x40017000)
            libc.so.6 => /lib/libc.so.6 (0x4002b000)
            /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Here the minimal script I use for my tests :

_______________________SCRIPT____________________________
#!/bin/sh

PARAM=$1
#PATH=$PATH:/usr/local/+delegate8.9.2/subin

if [ -z "$2" ]; then
        PORT=7978
else
        PORT=$2
fi

DGROOTTEST="/root/delegateTest/Delegate"
DGOWNER="delegate"

case "$PARAM" in
    start)
        rm -f $DGROOTTEST/log/7978*

        echo -e "Demarrage du proxy pour le port $PORT: "
        /usr/local/+delegate8.9.2/src/delegated -P$PORT -vd \
            OWNER=$DGOWNER \
            DGROOT=$DGROOTTEST \
            ADMIN="JehanGuillaume.deRorthais@omya.." \
            SERVER=http \
            PERMIT="*:*:*" \
            SHARE="" \
            AUTH=proxy:pauth \
            AUTHORIZER="-pam/passwd" \

            sleep 1
        ;;

    stop)
        echo -e "Arret du proxy pour le port $PORT: "
        /usr/local/delegate*/src/delegated -P$PORT OWNER="delegate"
DGROOT=$DGROOTTEST  -Fkill
        #kill `cat /home/delegate/act/pid/$PORT`
        echo "done."
        ;;

    restart)
        echo -e "Redemarre le proxy pour le port $PORT: "
        $0 stop $PORT
        sleep 1
        $0 start $PORT
        echo "done"
        ;;

    conf)
        if [ -f $DGROOTTEST/etc/params/$PORT ]; then
            echo -e "Parametre de demarrage du proxy pour le port $PORT:\n"
            cat $DGROOTTEST/etc/params/$PORT
        else
            echo -e "Le port $PORT n'est pas un port actif.\n"
        fi
        ;;

    reload)
        echo -e "Fast restart of Delegate..."
        /usr/local/delegate*/src/delegated -P$PORT \
            OWNER=$DGOWNER \
            DGROOT=$DGROOTTEST -Fkill-hup
        ;;

    *)
        echo "Utilistaion: proxy {start|stop|restart|reload|conf} [port]"
        exit 1
esac;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~END OF SCRIPT~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I am at your disposal for new tests.

Thanks,

-- 
JGuillaume de Rorthais
GPG/PGP ID : 0x2A47BED0

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V