FYI - I worked around the issue by a call to pam_get_user.  This provides
me with the dual factor authentication I need via google-authenticator.

static const char *get_user_name(pam_handle_t *pamh) {
  // Obtain the user's name
  const char *username = NULL;
  // Workaround: pam_get_user() sets PAM_USER, asking the conversation
  // function for the name if it is not set yet. The result is validated below.
  pam_get_user(pamh, &username, NULL);
  if (pam_get_item(pamh, PAM_USER, (void *)&username) != PAM_SUCCESS ||
      !username || !*username) {
    log_message(LOG_ERR, pamh,
                "No user name available when checking verification code");
    return NULL;
  }
  return username;
}


On Thu, Feb 6, 2014 at 2:10 PM, Daniel Schmidt <daniel.schm...@wyo.gov> wrote:

>
> On Tue, Feb 4, 2014 at 2:12 PM, Daniel Schmidt <daniel.schm...@wyo.gov> wrote:
>
>> Please forgive the intrusion on a dev list, I didn't see any user list.
>>  I was wondering if anybody might be able to assist in the following issue.
>>
>>
>> The following pam config attempts dual factor auth:
>>
>> auth requisite pam_google_authenticator.so secret=/home/${USER}/.google_authenticator forward_pass
>> auth required pam_python.so /lib/security/pam_google.py -c /etc/pam_google.conf use_first_pass
>> account required pam_permit.so
>>
>> Works quite well from "pamtester xrdp-sesman daniel.schmidt authenticate"
>>
>> However, gives an error when tried from actual rdp:
>>
>> xrdp-sesman(pam_google_authenticator)[3919]: No user name available when checking verification code
>>
>> Of course, it worked fine with default common pam_unix.so.  Any advice
>> would be greatly appreciated.
>>
>> Thanks,
>> -Daniel
>>
>>
> Looks fine to me, not to mention that it works fine with pamtester.  I
> can't figure out why it fails with xrdp.  Ideas?  thkx
>
> static const char *get_user_name(pam_handle_t *pamh) {
>   // Obtain the user's name
>   const char *username;
>   if (pam_get_item(pamh, PAM_USER, (void *)&username) != PAM_SUCCESS ||
>       !username || !*username) {
>     log_message(LOG_ERR, pamh,
>                 "No user name available when checking verification code");
>     return NULL;
>   }
>   return username;
> }
>
>


E-Mail to and from me, in connection with the transaction 
of public business, is subject to the Wyoming Public Records 
Act and may be disclosed to third parties.