I debugged pam_unix aswell, it looks like crypt function is giving different strings for telnet and my application with same passwd string and salt. So i think the issue could be with crypt library linked telnet and my application.
please let me know your thoughts crypt(plaintext_ptr, salt); On Fri, Feb 27, 2009 at 7:48 PM, Ivan Grover <[email protected]> wrote: > Hi, > Iam sorry my observation was wrong. > > I debugged the problem, it looks strange, these are my findings : > > I have my PAM rules for my service as > > auth required /lib/security/pam_securetty.so > auth required pam_stack.so service=system-auth > auth required /lib/security/pam_nologin.so > > The pam_unix module returns authentication failure from pam_unix.so from > pam_stack.so , hence the control reaches pam_nologin.so. > > The same rules work well with telnet/ftp , but fails for my service > > I have checked the username, password passed to PAM module by changing the > sources of pam_nologin.so, they are proper. I didnt had sources for > pam_unix, so iam not able to detect the exact problem. > > My suspect is that my application using my PAM service might have done some > fd leaks or any other problem. But the max fds open by my application are > 185 which is still below max limit(OPEN_MAX) > > Restarting the application resolves the problem and iam able to > authenticate user > > > can anyone help me what could be the problem. > > > Thanks and Best Regards, > > > > On Wed, Feb 25, 2009 at 1:11 AM, Dag-Erling Smørgrav <[email protected]> wrote: > >> Ivan Grover <[email protected]> writes: >> > Now, after upgrading PAM modules (pam_unix.so, pam_stack.so..) and >> > library [...] >> >> Upgrading from what to what? >> >> Have you tried the standard debugging procedure? >> >> DES >> -- >> Dag-Erling Smørgrav - [email protected] >> > > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
