I am having trouble getting the PAM authentication to work with Solaris 8. I configured with --enable-debugging and --with-pam=pop3 and I am getting the error message as follows: Apr 17 17:03:54.445 2001 [20530] Trace and Debug destination is file "/tmp/pop.log" [pop_init.c:8 55] Apr 17 17:03:54.445 2001 Apr 17 17:03:54.445 2001 [20530] Will generate stats records (-s) [pop_init.c:825] Apr 17 17:03:54.445 2001 Apr 17 17:03:54.455 2001 [20530] (v4.0) Servicing request from "ACF3.NYU.EDU" at 128.122.253.151 [pop_init.c:1153] Apr 17 17:03:54.455 2001 Apr 17 17:03:54.455 2001 [20530] before TLS; tls_support==0 [popper.c:168] Apr 17 17:03:54.455 2001 Apr 17 17:03:54.455 2001 [20530] Skipped TLS Init [popper.c:192] Apr 17 17:03:54.455 2001 Apr 17 17:03:54.456 2001 [20530] (v4.0) Intro [popper.c:234] Apr 17 17:03:54.456 2001 Apr 17 17:03:54.456 2001 [20530] +OK Qpopper (version 4.0) at i4.nyu.edu starting. [popper.c:24 7] Apr 17 17:03:54.456 2001 Apr 17 17:03:54.456 2001 [20530] Qpopper ready for input from (null) at ACF3.NYU.EDU [128.122.253 .151] [popper.c:281] Apr 17 17:03:54.456 2001 Apr 17 17:03:58.914 2001 [20530] Received (8): "USER mp1" [pop_get_command.c:105] Apr 17 17:03:58.914 2001 Apr 17 17:03:58.914 2001 [20530] home (12): '/home1/m/mp1' [pop_user.c:209] Apr 17 17:03:58.914 2001 Apr 17 17:03:58.914 2001 [20530] +OK Password required for mp1. [pop_user.c:420] Apr 17 17:03:58.914 2001 Apr 17 17:03:58.915 2001 [20530] user returned 1; CurrentState now auth2 [popper.c:325] Apr 17 17:03:58.915 2001 Apr 17 17:03:58.915 2001 [20530] Qpopper ready for input from mp1 at ACF3.NYU.EDU [128.122.253.15 1] [popper.c:281] Apr 17 17:03:58.915 2001 Apr 17 17:04:05.103 2001 [20530] Received: "pass xxxxxxxxx" [pop_get_command.c:96] Apr 17 17:04:05.103 2001 Apr 17 17:04:05.104 2001 [20530] pam_start (service name pop3) returned 0; gp_errcode=0 [pop_pass .c:447] Apr 17 17:04:05.104 2001 Apr 17 17:04:05.115 2001 [20530] pam_authenticate returned 9; gp_errcode=0 [pop_pass.c:469] Apr 17 17:04:05.115 2001 Apr 17 17:04:15.110 2001 [20530] mp1 at ACF3.NYU.EDU (128.122.253.151): -ERR [AUTH] PAM authentic ation failed for user "mp1": Authentication failed (9) [pop_pass.c:475] Apr 17 17:04:15.110 2001 Apr 17 17:04:15.111 2001 [20530] [AUTH] Failed attempted login to mp1 from host (ACF3.NYU.EDU) 12 8.122.253.151 [pop_pass.c:1375] Apr 17 17:04:15.111 2001 Apr 17 17:04:25.110 2001 [20530] pass returned 0; CurrentState now halt [popper.c:325] Apr 17 17:04:25.110 2001 Apr 17 17:04:25.110 2001 [20530] +OK Pop server at i4.nyu.edu signing off. [popper.c:347] Apr 17 17:04:25.110 2001 Apr 17 17:04:25.111 2001 [20530] (v4.0) Ending request from "mp1" at (ACF3.NYU.EDU) 128.122.253.1 51 [popper.c:365] Apr 17 17:04:25.111 2001 Here is /etc/pam.conf: # #ident "@(#)pam.conf 1.15 00/02/14 SMI" # # Copyright (c) 1996-1999 by Sun Microsystems, Inc. # All rights reserved. # # PAM configuration # # Authentication management # login auth required /usr/lib/security/$ISA/pam_unix.so.1 # telnet auth required /usr/lib/security/$ISA/pam_krb5.so.1 rlogin auth required /usr/lib/security/$ISA/pam_krb5.so.1 # pop3 auth required /usr/lib/security/$ISA/pam_krb5.so.1 # dtlogin auth required /usr/lib/security/$ISA/pam_krb5.so.1 dtsession auth required /usr/lib/security/$ISA/pam_krb5.so.1 # rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1 su auth required /usr/lib/security/$ISA/pam_unix.so.1 other auth required /usr/lib/security/$ISA/pam_krb5.so.1 # # Account management # login account requisite /usr/lib/security/$ISA/pam_roles.so.1 login account required /usr/lib/security/$ISA/pam_unix.so.1 login account optional /usr/lib/security/$ISA/pam_krb5.so.1 # pop3 account required /usr/lib/security/$ISA/pam_krb5.so.1 # dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1 dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1 dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1 # other account requisite /usr/lib/security/$ISA/pam_roles.so.1 other account required /usr/lib/security/$ISA/pam_unix.so.1 other account optional /usr/lib/security/$ISA/pam_krb5.so.1 # # Session management # pop3 session required /usr/lib/security/$ISA/pam_krb5.so.1 # other session required /usr/lib/security/$ISA/pam_unix.so.1 other session optional /usr/lib/security/$ISA/pam_krb5.so.1 # # Password management # pop3 password required /usr/lib/security/$ISA/pam_krb5.so.1 # other password required /usr/lib/security/$ISA/pam_unix.so.1 If I set up /etc/pam.conf to not use the pam_krb5.so.1, but the pam_unix.so.1, I can get into accounts that have a local password. All users have an entry in the passwd file, but only sysadmins have a local password. All the end users are using the Kerberos PAM module. Any suggestions? TIA, Michael
