PAM help?

PAM help?

Post by Jay G. Sco » Wed, 25 Jun 2003 02:30:37



hi,

i'm trying to write a PAM module to count login failures.
i think all i need to proceed at this point is to get the
results of the PREVIOUS stuff in the PAM stack.
that is, by the time my module rolls in, all the authentication
routines will have been called, and a decision will have been
made.

i know from writing other modules that the authentication
routines can return a value that my module didn't send, so that
means there must be some overall authentication result.
i only want to READ it.  but i do need to know what's been
decided.

or is there another way to do this?  i yanked down a bunch of
sample code, but i haven't had a chance to go through it yet.
it doesn't look exactly relevant, though.

i'm hardly an expert, so if  i'm missing something obvious,
point it out.  i can easily have missed it.

thx.

j.
--

Head of Sun Support, Sr. Operating Systems Specialist
Applied Research Labs, Computer Science Div.                   S224
University of Texas at Austin

 
 
 

PAM help?

Post by Jay G. Sco » Wed, 25 Jun 2003 04:43:55


aha.  looks like pam_tally in the Linux-PAM-0.77 collection
does what i need.  but i still don't see how it knows whether
to log a success or failure....  anybody know that?

j.
--

Head of Sun Support, Sr. Operating Systems Specialist
Applied Research Labs, Computer Science Div.                   S224
University of Texas at Austin

 
 
 

PAM help?

Post by Jay G. Sco » Thu, 26 Jun 2003 00:20:08




Quote:

>aha.  looks like pam_tally in the Linux-PAM-0.77 collection
>does what i need.  but i still don't see how it knows whether
>to log a success or failure....  anybody know that?

looks like i have my answer.  you can get the string the user
typed to respond to the challenge, but not the prior results of
the challenge.  so you repeat the encryption and check against
the stored result all over again.

which will work for me, but that seems more expensive than necessary.
you may have to duplicate code....  blah, blah, blah.  i think i
will lobby to make that one of the standard things available to
a module.  so if anybody wants to second the motion....

j.

>j.
>--

>Head of Sun Support, Sr. Operating Systems Specialist
>Applied Research Labs, Computer Science Div.                   S224
>University of Texas at Austin

--

Head of Sun Support, Sr. Operating Systems Specialist
Applied Research Labs, Computer Science Div.                   S224
University of Texas at Austin
 
 
 

1. PAM help

hi,

  I am writing an application which intends to use linux PAM for
  authentication purposes.After browsing through the PAM manuals,
  i gathered that this can be done by calling pam_authenticate();
  Things worked .. but the routine prompts for a password while  execution .
  I do not want any prompting, but want to pass the password (the
  program thus knows it i.e it has been passed as an argument to the
  calling function) to check for authenticity.
  How to accomplish this?
  thanks for any help.

Varun
-----

2. Badblock scan at 2.1.5 install time renders disk unbootable ?

3. PAM help needed.

4. Using a WinNT proxy from a Linux machine

5. PAM help needed ...

6. Linux and old BIOS

7. PAM help needed re: Redhat 6.1

8. ?:Kernel V2.2.-IP Alias-eth0:0 Is Invisible To 'ifconfig"?

9. PAM Help

10. PAM (/etc/pam.conf).....Is It Needed?

11. PAM/RedHat: pop3 /etc/pam.d config

12. ftp chroot jail dir & pam 1.0 /etc/pam.d/ftp file

13. redhat 6.1, PAM, and having to alter /etc/pam.d/kppp