[Tigervnc-devel] PAM only works for local stored passwords

Thu, 24 Feb 2011 12:44:50 -0800 

Dear list,

I am testing the 1.1 pre-beta (2/21/11) 64 bit Linux binary on an Ubuntu 
Natty machine. According to previous posts, I start the VNC server as:
./Xvnc :4 -SecurityTypes=VeNCrypt,Plain -PlainUsers=sebastiaan 
pam_service=vnc

which works fine when connecting with:
./vncviewer :4 -SecurityTypes=VeNCrypt,Plain
and supplying my credentials.

Unfortunately, if the password of the user is not stored locally, but 
has to be retrieved from a server (a RADIUS server in my case), the 
connection fails:
./Xvnc :4 -SecurityTypes=VeNCrypt,Plain -PlainUsers=sebastiaanRemote 
pam_service=vnc


/var/log/auth.log simply responds:
Feb 24 21:34:35 uluru01 Xvnc: pam_unix(vnc:auth): authentication 
failure; logname= uid=1000 euid=1000 tty= ruser= rhost=  
user=sebastiaanRemote


Xvnc gives the message:
Thu Feb 24 21:33:44 2011
  Connections: accepted: 10.177.20.2::53817
  SConnection: Client needs protocol version 3.8
  SConnection: Client requests security type VeNCrypt(19)

Thu Feb 24 21:34:36 2011
  SConnection: AuthFailureException: invalid password or username
  Connections: closed: 10.177.20.2::53817 (invalid password or username)


My /etc/pam.d/vnc looks like this:
auth    [success=2 default=ignore]    pam_unix.so nullok_secure
auth    sufficient                      pam_radius_auth.so debug
auth    requisite            pam_deny.so
auth    required            pam_permit.so

account [success=2 new_authtok_reqd=done default=ignore]        pam_unix.so
account sufficient                      pam_radius_auth.so
account requisite                       pam_deny.so
account required                        pam_permit.so

which works fine for other services. I copied this file to a pretty 
simple service like chfn (cp /etc/pam.d/vnc /etc/pam.d/chfn) and it 
works fine.

I am not sure where it goes wrong, but I am happy to help looking.

Sincerely,
Sebastiaan


------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
Tigervnc-devel mailing list
Tigervnc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tigervnc-devel

Reply via email to