-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/26/2014 12:24 PM, Paul Wouters wrote: > On Tue, 26 Aug 2014, Nels Lindquist wrote: > >>>> pontus:$apr1$G/Yn3NSQ$xBq7LyNNYCBc0COKWM6Dj0:roadwarrior >>> >>> So $apr1$ is not standard crypt(), it is apache specific: >>> >>> https://httpd.apache.org/docs/current/misc/password_encryptions.html > >>> >> Would/Should this have any impact on using pam with XAUTH? I'd >> prefer to do that myself, if possible, and I'm experiencing the >> same issues on CentOS 6 that Remy and Pontus are on CentOS/RHEL >> 7. > > No. It only involves file based authentication. the "error 7" as > far as I can tell comes from a missing "session" line the > /etc/pam.d/pluto file, as pam does two calls. One for password > authentication and one for session authorization. I believe this > last one fails when you see the "error 7". > > But I still need to confirm this by setting up a rhel7 machines and > test this.
I'm experiencing the same issue on CentOS6, actually. I commented out everything in /etc/pam.d/pluto except for: account required pam_permit.so password required pam_permit.so session required pam_permit.so ...but it didn't make any difference. Still getting an authentication failure: Aug 26 14:53:42 mail pluto[16526]: XAUTH: User nels: Attempting to login Aug 26 14:53:42 mail pluto[16526]: XAUTH: pam authentication being called to authenticate user nels Aug 26 14:53:44 mail pluto[16526]: XAUTH: pam_authenticate failed with 'Authentication failure' Aug 26 14:53:44 mail pluto[16526]: XAUTH: User nels: Authentication Failed: Incorrect Username or Password - -- Nels Lindquist <[email protected]> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32) iEYEARECAAYFAlP8908ACgkQh6z5POoOLgTVswCaA4mPRymv2RhZG0YLFbREeqW8 OUYAn0zNpJLgeGnvZkY5Ij80V2mU5XYv =+ir0 -----END PGP SIGNATURE----- _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
