Cineex Posted July 16, 2011 Share Posted July 16, 2011 I'm trying to create a php login using pam_auth but i get "Authentication failure" even tho i'm sure that the username and password dose exist. The funny thing is that one account is working (i'm not 100% sure if I've done something special with this account because this was that account i tested with from the beginning). Any suggestions or thought would be appreciated private function checkIfExsists($domain,$password) { if(pam_auth($domain,$password,&$this->error[])) { return $this->getUserId($domain); } else { print_r($this->error); // willl return Array ( [0] => Authentication failure ) exit(); } } Quote Link to comment Share on other sites More sharing options...
harristweed Posted July 16, 2011 Share Posted July 16, 2011 whats pam_auth? Quote Link to comment Share on other sites More sharing options...
jcbones Posted July 16, 2011 Share Posted July 16, 2011 Which release are you using? Quote Link to comment Share on other sites More sharing options...
jcbones Posted July 16, 2011 Share Posted July 16, 2011 This is from the PCEL: PAM AUTH docs. * I'm getting an Authentication Failure error, why? 86 87 Try setting the $checkacctmgmt parameter to false to skip the pam_acct_mgmt() 88 call, note that this only checks the password and skips performing account 89 validation such as account expiration and access. Otherwise see below. 90 91 The most likely reason for this is that you are trying to authenticate via a 92 local shadow file and you do not have permission to do so. The PAM modules 93 handling shadow authentication (used on Linux and Solaris) require that the 94 application have permission to read the shadow file (makes sense, eh?). If you 95 are running php as a cgi or as a webserver module, it is executed as your 96 webservers user and group. 97 98 By default, most Linux and Solaris systems are configured to only allow the root 99 user to read the shadow file. The recommended 100 way around this is to change permissions on the shadow file so that it is group 101 readable, and chgrp the file to the a group that the webserver is in. Before 102 doing this, you should give it some serious thought as allowing your webserver 103 to read the shadow file gives hackers another way to crack away at your system. 104 105 If you decide to enable this, I stronly suggest usage of the pam_tally module 106 to limit failed logins to a reasonable number of attempts, and one of the other 107 modules which will allow you to block root and other system users. 108 Quote Link to comment Share on other sites More sharing options...
Cineex Posted July 16, 2011 Author Share Posted July 16, 2011 This is from the PCEL: PAM AUTH docs. * I'm getting an Authentication Failure error, why? 90 91 The most likely reason for this is that you are trying to authenticate via a 92 local shadow file and you do not have permission to do so. The PAM modules 93 handling shadow authentication (used on Linux and Solaris) require that the 94 application have permission to read the shadow file (makes sense, eh?). If you 95 are running php as a cgi or as a webserver module, it is executed as your 96 webservers user and group. 97 Could it also be that the user can't read the users home folder ? whats pam_auth? it's a php module to authenticate a user using linux system users Quote Link to comment Share on other sites More sharing options...
Cineex Posted July 16, 2011 Author Share Posted July 16, 2011 Problem solved by adding the apache user to the shadow group. remember that you have to THINK before doing this because if a hacker finds a security hole he can easily get the shadow file. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.