OK, this morning I ripped everything xrdp or sesman related out of the 
filesystem.  That is, if the filename had xrdp or sesman in it, I deleted it.  
I even rebooted (thus ruining my uptime track...oh well).

I've grabbed the git, configured with --enable-xrdpdebug, compiled from that, 
then installed.

No change in symptoms.

Can someone confirm:

1.  pam authentication is enabled by default when doing the ./configure.
2.  the --enable-pamuserpass should be left at default of 'no'.  (I recall 
reading it was there for some backwards-compatibility thing that was no longer 
relevant?)
3.  That the proper pam configuration file for xrdp is named:
       /etc/pam.d/xrdp-sesman

4.  That the proper permissions on that file are:

$ ls -la xrdp-sesman 
-rw-r--r--. 1 root root 129 Nov  8 13:42 xrdp-sesman

5.  That the proper contents of that file are:

$ cat xrdp-sesman 
#%PAM-1.0
auth       required    pam_unix.so shadow nullok
auth       required    pam_env.so readenv=1
account    required    pam_unix.so

For reference, here is the relevant /var/log/xrdp-sesman.log

[20111108-13:56:59] [INFO ] shutting down sesman 1
[20111108-13:56:59] [WARN ] [init:45] libscp initialized
[20111108-13:57:00] [CORE ] starting sesman with pid 18274
[20111108-13:57:00] [INFO ] listening...
[20111108-14:03:56] [INFO ] scp thread on sck 7 started successfully
[20111108-14:03:56] [INFO ] login denied for user gs
[20111108-14:04:30] [INFO ] scp thread on sck 7 started successfully
[20111108-14:04:30] [INFO ] login denied for user lt
[20111108-14:04:47] [INFO ] scp thread on sck 7 started successfully
[20111108-14:04:48] [INFO ] login denied for user lt
[20111108-14:22:15] [INFO ] scp thread on sck 7 started successfully
[20111108-14:22:15] [INFO ] login denied for user gs

and from pam:

$ cat /var/log/secure | grep sesman
Nov  8 12:27:59 bigbox xrdp-sesman: pam_unix(xrdp-sesman:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=lt

Interestingly, there is only this one entry from pam, no matter how many times, 
or as whom, I try to rdp in.

Anything jumping out at anybody?
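
An added example, not part of the original post or of xrdp itself: a Python check that pairs each "login denied" line in xrdp-sesman.log with a pam_unix failure for the same user in /var/log/secure and returns the denials that have no PAM record nearby. The log lines are copied from the post (the wrapped PAM line rejoined); the function names and the 5-second matching window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the post; the PAM line is rejoined onto one line.
SESMAN_LOG = """\
[20111108-13:57:00] [INFO ] listening...
[20111108-14:03:56] [INFO ] login denied for user gs
[20111108-14:04:30] [INFO ] login denied for user lt
[20111108-14:04:48] [INFO ] login denied for user lt
[20111108-14:22:15] [INFO ] login denied for user gs
"""
SECURE_LOG = (
    "Nov  8 12:27:59 bigbox xrdp-sesman: pam_unix(xrdp-sesman:auth): authentication "
    "failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=lt\n"
)

DENIED = re.compile(r"^\[(\d{8}-\d{2}:\d{2}:\d{2})\] \[\w+\s*\] login denied for user (\S+)")
PAM_FAIL = re.compile(r"^(\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ xrdp-sesman(?:\[\d+\])?: "
                      r"pam_unix\(xrdp-sesman:auth\): authentication failure;.*\buser=(\S+)")

def sesman_denials(text):
    """Return [(datetime, user)] for every 'login denied' line in the sesman log."""
    hits = (DENIED.match(line) for line in text.splitlines())
    return [(datetime.strptime(m.group(1), "%Y%m%d-%H:%M:%S"), m.group(2)) for m in hits if m]

def pam_failures(text, year):
    """Return [(datetime, user)] for pam_unix failures; syslog omits the year, so pass it in."""
    hits = (PAM_FAIL.match(line) for line in text.splitlines())
    return [(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2))
            for m in hits if m]

def unmatched_denials(sesman_text, secure_text, window=5):
    """Denials with no pam_unix failure for the same user within `window` seconds (assumed)."""
    denials = sesman_denials(sesman_text)
    if not denials:
        return []
    fails = pam_failures(secure_text, denials[0][0].year)  # year taken from the sesman log
    slack = timedelta(seconds=window)
    return [(ts, user) for ts, user in denials
            if not any(u == user and abs(ts - pts) <= slack for pts, u in fails)]

if __name__ == "__main__":
    for ts, user in unmatched_denials(SESMAN_LOG, SECURE_LOG):
        print(f"{ts:%H:%M:%S} denied for {user}: no pam_unix record within 5s")
```

On the logs in the post, all four denials come back unmatched, because the only pam_unix entry (12:27:59) predates the sesman restart at 13:57:00.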

