pam_auth problem

Cineex · July 16, 2011

I'm trying to create a php login using pam_auth but i get "Authentication failure" even tho i'm sure that the username and password dose exist. The funny thing is that one account is working (i'm not 100% sure if I've done something special with this account because this was that account i tested with from the beginning).

Any suggestions or thought would be appreciated

private function checkIfExsists($domain,$password)
{

		if(pam_auth($domain,$password,&$this->error[]))
		{
			return $this->getUserId($domain);
		}
		else
		{
			print_r($this->error); // willl return      Array ( [0] => Authentication failure )
			exit();
		}
}

harristweed · July 16, 2011

whats pam_auth?

jcbones · July 16, 2011

Which release are you using?

jcbones · July 16, 2011

This is from the PCEL: PAM AUTH docs.

* I'm getting an Authentication Failure error, why?

86

87 Try setting the $checkacctmgmt parameter to false to skip the pam_acct_mgmt()

88 call, note that this only checks the password and skips performing account

89 validation such as account expiration and access. Otherwise see below.

90

91 The most likely reason for this is that you are trying to authenticate via a

92 local shadow file and you do not have permission to do so. The PAM modules

93 handling shadow authentication (used on Linux and Solaris) require that the

94 application have permission to read the shadow file (makes sense, eh?). If you

95 are running php as a cgi or as a webserver module, it is executed as your

96 webservers user and group.

97

98 By default, most Linux and Solaris systems are configured to only allow the root

99 user to read the shadow file. The recommended

100 way around this is to change permissions on the shadow file so that it is group

101 readable, and chgrp the file to the a group that the webserver is in. Before

102 doing this, you should give it some serious thought as allowing your webserver

103 to read the shadow file gives hackers another way to crack away at your system.

104

105 If you decide to enable this, I stronly suggest usage of the pam_tally module

106 to limit failed logins to a reasonable number of attempts, and one of the other

107 modules which will allow you to block root and other system users.

108

Cineex · July 16, 2011

This is from the PCEL: PAM AUTH docs.

* I'm getting an Authentication Failure error, why?

90

91 The most likely reason for this is that you are trying to authenticate via a

92 local shadow file and you do not have permission to do so. The PAM modules

93 handling shadow authentication (used on Linux and Solaris) require that the

94 application have permission to read the shadow file (makes sense, eh?). If you

95 are running php as a cgi or as a webserver module, it is executed as your

96 webservers user and group.

97

Could it also be that the user can't read the users home folder ?

whats pam_auth?

it's a php module to authenticate a user using linux system users

Cineex · July 16, 2011

Problem solved by adding the apache user to the shadow group. remember that you have to THINK before doing this because if a hacker finds a security hole he can easily get the shadow file.

Sign In

pam_auth problem

Recommended Posts

Cineex

Link to comment

Share on other sites

harristweed

Link to comment

Share on other sites

jcbones

Link to comment

Share on other sites

jcbones

Link to comment

Share on other sites

Cineex

Link to comment

Share on other sites

Cineex

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information