pam question
I have pam configured so that when my virtual email users (well, the *users* aren't virtual, hehe) send email, they have to use smtpauth. I created a file in /etc/pam.d, called smtp. It has in it:

auth required pam_mysql.so user=postfix passwd=apassword host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 sqllog=0
account sufficient pam_mysql.so user=postfix passwd=apassword host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 sqllog=0

Everything works fine ... almost. Remote users, in the system's local domain, also have to auth in order to relay. But their password is being looked up in my mysql database, instead of in the password file. How can I modify pam's smtp file to allow for both conditions?

-ste

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
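Added example, not part of the original post or of any reply on the list: a small Python model of how PAM's required and sufficient control flags decide the outcome, run over the stack from the post and over one assumed revision that tries pam_mysql.so first and falls back to pam_unix.so. The user stores, the REVISED stack and all function names are constructed for illustration, and the pam_mysql options are left out.

```python
# Constructed sample data standing in for the two credential stores.
MYSQL_MAILBOX = {"alice@example.org": "mail-secret"}  # virtual users (MySQL table)
LOCAL_PASSWD = {"bob": "shell-secret"}                # local system accounts

def _check(store):
    def module(facility, user, password):
        if facility == "account":        # account phase: is the user known here?
            return user in store
        return password is not None and store.get(user) == password
    return module

MODULES = {"pam_mysql.so": _check(MYSQL_MAILBOX), "pam_unix.so": _check(LOCAL_PASSWD)}

# Stack from the post (pam_mysql options omitted).
ORIGINAL = """
auth    required   pam_mysql.so
account sufficient pam_mysql.so
"""

# Assumed revision: try MySQL first, fall through to the local password file.
REVISED = """
auth    sufficient pam_mysql.so
auth    required   pam_unix.so
account sufficient pam_mysql.so
account required   pam_unix.so
"""

def run_facility(stack, facility, user, password=None):
    """Evaluate one facility using required/sufficient semantics."""
    any_ok, required_failed = False, False
    for line in stack.strip().splitlines():
        fac, control, module = line.split()[:3]
        if fac != facility:
            continue
        ok = MODULES[module](facility, user, password)
        if control == "sufficient":
            if ok and not required_failed:
                return True              # success ends the stack immediately
        elif control == "required":
            required_failed |= not ok    # failure is remembered, stack continues
        else:
            raise ValueError(f"control flag not modelled: {control}")
        any_ok |= ok                     # a failed sufficient module is ignored
    return any_ok and not required_failed

def login(stack, user, password):
    """A login needs both the auth and the account facility to pass."""
    return (run_facility(stack, "auth", user, password)
            and run_facility(stack, "account", user))
```

With this ordering a name that exists in both stores is accepted with either password, so keep the virtual usernames (for example full addresses) distinct from local login names.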
Re: Pam Question
Monah Baki [EMAIL PROTECTED] writes:

> I'm trying to set up a freebsd 4.8 server with openldap for authentication.
> I installed pam from the ports tree, and verified /etc/pam.conf does exist.
> How does freebsd know when to use pam?

You could always start with the documentation at:

http://www.padl.com/Contents/Documentation.html
Pam Question
Hi all,

I'm trying to set up a freebsd 4.8 server with openldap for authentication. I installed pam from the ports tree, and verified /etc/pam.conf does exist. How does freebsd know when to use pam?

Thank you
Re: Kerberos5 PAM Question
Moving up the pam_krb5 in the sshd section helped to a point. The problem turned out to be having ChallengeResponseAuthentication set to yes in the sshd_config. It seems it got into calling the pam authentication module 2x thus confusing it and no ticket file was written.

The way I figured this out was ssh from an older system with OpenSSH 2.9 installed (which doesn't have the ChallengeResponseAuthentication as a possible feature) and the ticket file was written fine.

Thanks,
--geeb

At 08:38 +0200 30 October 2002, D. Penev dpenev wrote:
> On Tue, Oct 29, 2002 at 08:10:11AM -0500, Mark A Gebert wrote:
> > Date: Tue, 29 Oct 2002 08:10:11 -0500
> > From: Mark A Gebert [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: Kerberos5 PAM Question
> >
> > Under FreeBSD4.7, I installed the pam_krb5 port (compiled with MIT Kerberos) and I'm trying to get it to generate a ticket file with sshd (with UsePrivilegeSeparation set to yes). I get authenticated fine into the system:
> >
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_authenticate
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: allocating pam_krb5_state
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) dumping state
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: debug
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: use_first_pass
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: require_keytab
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: ccache=%u
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) state: user=`geeb'
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) state: service=`sshd'
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: success
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: resolve_principal: Success
> > Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) pam_krb5_get_authtok: no pre-existing password
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: krb5_get_init_creds_password: Success
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: pam_krb5_store_tgt: Success
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_krb5_verify_tgt: Success
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: result for user `geeb': Success
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_acct_mgmt
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) dumping state
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: debug
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: use_first_pass
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: require_keytab
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: ccache=%u
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: STATE_AUTH_COMPLETED
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: princ_name=`[EMAIL PROTECTED]'
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: user=`geeb'
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: service=`sshd'
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: princ exists
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: ccache exists
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: success
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_acct_mgmt: result for user `geeb': Success
> > Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) cleanup_state
> > Oct 29 08:05:18 lart2 sshd[299]: Accepted keyboard-interactive/pam for geeb from 66.93.1.55 port 2142 ssh2
> >
> > But no ticket file:
> >
> > klist
> > klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_4465)
> >
> > Kerberos 4 ticket cache: /tmp/tkt4465
> > klist: You have no tickets cached
> >
> > The line in /etc/pam.conf is:
> >
> > sshd auth required pam_krb5.so use_first_pass ccache=%u require_keytab debug
>
> I had this kind of problem with pam_krb5 login and I resolved it by moving pam_krb5 to be first in the pam stack.
>
> > I've generated a host/lart2.thugsrus.net and a sshd/lart.thugsrus.net key but to no avail.
> >
> > Any help is appreciated.
> >
> > --geeb
> > --
> > Mark Gebert [EMAIL PROTECTED]
> > It takes a Viking to raze a village!
> >
> > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > with unsubscribe freebsd-questions in the body of the message
>
> --
> Regards,
> D. Penev
Kerberos5 PAM Question
Under FreeBSD4.7, I installed the pam_krb5 port (compiled with MIT Kerberos) and I'm trying to get it to generate a ticket file with sshd (with UsePrivilegeSeparation set to yes). I get authenticated fine into the system:

Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_authenticate
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: allocating pam_krb5_state
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) dumping state
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: debug
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: use_first_pass
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: require_keytab
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) option: ccache=%u
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) state: user=`geeb'
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) state: service=`sshd'
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) initialize_method: success
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: resolve_principal: Success
Oct 29 08:05:05 lart2 sshd[301]: (pam_krb5) pam_krb5_get_authtok: no pre-existing password
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: krb5_get_init_creds_password: Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: pam_krb5_store_tgt: Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_krb5_verify_tgt: Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_authenticate: result for user `geeb': Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: pam_sm_acct_mgmt
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) dumping state
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: debug
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: use_first_pass
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: require_keytab
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) option: ccache=%u
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: STATE_AUTH_COMPLETED
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: princ_name=`[EMAIL PROTECTED]'
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: user=`geeb'
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: service=`sshd'
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: princ exists
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) state: ccache exists
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) initialize_method: success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) pam_sm_acct_mgmt: result for user `geeb': Success
Oct 29 08:05:18 lart2 sshd[301]: (pam_krb5) cleanup_state
Oct 29 08:05:18 lart2 sshd[299]: Accepted keyboard-interactive/pam for geeb from 66.93.1.55 port 2142 ssh2

But no ticket file:

klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_4465)

Kerberos 4 ticket cache: /tmp/tkt4465
klist: You have no tickets cached

The line in /etc/pam.conf is:

sshd auth required pam_krb5.so use_first_pass ccache=%u require_keytab debug

I've generated a host/lart2.thugsrus.net and a sshd/lart.thugsrus.net key but to no avail.

Any help is appreciated.

--geeb
--
Mark Gebert [EMAIL PROTECTED]
It takes a Viking to raze a village!