Suggestion 1 didn't work. I've also tried using pam_pwdb, same results. I have also tried pam_mysql, which causes the hfaxd child processes to segfault repeatedly on authentication attempts.

Answers to questions:

1) Linux kernel 2.4.22-1.2188 on Fedora Core 1

2) Have been running Hylafax successfully for a few months now with hosts.hfaxd authentication based on user/pass. Currently it contains:

    127.0.0.1

3) rpm -qa | grep pam

    pam-0.77-15
    pam-devel-0.77-15
    pam_smb-1.1.7-2
    pam_krb5-2.0.5-1

4,5,6) Users exist, can login on console and SSH and I have the correct password.

More information:

I am successfully using pam with pam_mysql to authenticate imap users on the same machine. Eventually I'd like to be using pam_mysql but I am starting simple as it's obviously not working.

strace on the hfaxd process and children shows it is reading the correct username and password from the client. It also shows pam opening and reading /etc/passwd, /etc/shadow if that's any use.

I've been having a look at the PAM code in Asterisk and it seems pretty close to the reference implementation here:

http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_appl-8.php

Which works just fine for me when I compile it.

I don't claim to be a C or C++ expert. In fact it's years since I've written anything in it. There was one discrepancy between the struct in the reference application and the code in Hylafax.

example application:

    static struct pam_conv conv = { misc_conv, NULL };

Hylafax:

    struct pam_conv conv = { pamconv, (void*)pass };

The difference looks fairly harmless to me but can anyone with more experience see any problems occurring?

I hope I've provided enough information. If there's anything else let me know.

Regards,

Kimble Young

-----Original Message-----
From: Michael J. Pedersen [mailto:pedermj@xxxxxxxxxxx]
Sent: Friday, June 25, 2004 8:18 AM
To: Kimble Young
Subject: Re: [hylafax-users] PAM Authentication

On Fri, Jun 25, 2004 at 05:25:14PM -0400, Kimble Young wrote:
> I've been having some issues setting up PAM authentication with hylafax
> 4.2.0 beta 2.

Cool (well, for me anyway). It's always pleasurable seeing somebody else using it.

> I've been trying to use WHFC to connect and am only successful when logging
> in as root.

That's more than a bit odd, as I'm using it for everybody BUT root.

> Syslog shows:
>
> Jun 25 17:20:16 asterisk hylafax(pam_unix)[6380]: authentication failure;
> logname= uid=0 euid=10 tty= ruser= rhost= user=ultimate
> Jun 25 17:20:18 asterisk hfaxd[6380]: Login failed from kimble
> [192.168.0.244], ultimate
>
> Everything seems to point to a problem with PAM configuration but no matter
> what I try there's no luck. The most basic config file for
> /etc/pam.d/hylafax is below:
>
> #%PAM-1.0
> auth required pam_unix.so
> account required pam_unix.so
> password required pam_unix.so
> session required pam_unix.so

Okay, this is good, and I'll give a suggestion, but also ask for more information in case it fails.

Suggestion:

1) If you are running this on Linux, you might need to set password line as follows:

    password required pam_unix.so md5

Questions:

1) What operating system and version number (and distribution, if applicable) are you running the HylaFAX server on?

2) Were you running HylaFAX on this machine before now? If so, are there users with the same name in hosts.hfaxd, but different passwords? If so, that might be the source of the problem. Either delete the users from hosts.hfaxd, or fix their passwords.

3) What version of the PAM libraries are you using on this system?

4) Can any of these users log in at the console?

5) Do any of these users actually exist? Try running this command, and making sure the users exist (on the machine running HylaFAX of course!):

    getent passwd

6) Are you sure you know the correct password? Try logging in at the console (or by way of telnet, or ssh) as the user. If the user exists, but you are unable to login, try resetting the user password.

> Is it possible that hylafax is trying to authenticate uid=0 as seen in the
> syslog line above?

Now, I'll admit to being no PAM expert, but that doesn't seem like what it's reading out to me. It sounds (to me) like it's reading the uid of the process for HylaFAX. Basically, it means that root is running hfaxd, and is failing to authenticate user ultimate.

> Can anyone help me with getting it working for all local system accounts?

Here's hoping the above gives enough information to troubleshoot the problem for you.

--
Michael J. Pedersen
My IM IDs: Jabber/pedersen@xxxxxxxxxxxxxx, ICQ/103345809, AIM/pedermj022171
           Yahoo/pedermj2002, MSN/pedermj022171@xxxxxxxxxxx
My GnuPG KeyID: 6CB0A96C
My Public Key Available At: www.keyserver.net
My GnuPG Key Fingerprint: E8F0 920F EB2F 7FDE DF4E 23CC 2CEB 8E6F 6CB0 A96C

____________________ HylaFAX(tm) Users Mailing List _______________________
To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
*To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*
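The syslog lines quoted in this thread, taken apart field by field, as an added example that is not part of the original messages or of HylaFAX: it separates the identity of the process that called PAM (uid/euid) from the account being checked (user=) and joins each pam_unix failure to the hfaxd line with the same PID. The function name, record keys and the third log line are constructed for illustration; the line formats are assumed to be exactly those shown in the thread.

```python
import re

# Constructed sample: the two syslog lines quoted in the thread, unwrapped,
# plus one constructed failure for a hypothetical second account.
SAMPLE_LOG = """\
Jun 25 17:20:16 asterisk hylafax(pam_unix)[6380]: authentication failure; logname= uid=0 euid=10 tty= ruser= rhost= user=ultimate
Jun 25 17:20:18 asterisk hfaxd[6380]: Login failed from kimble [192.168.0.244], ultimate
Jun 25 17:21:02 asterisk hylafax(pam_unix)[6391]: authentication failure; logname= uid=0 euid=10 tty= ruser= rhost= user=example
"""

# "service(pam_unix)[pid]" is the prefix format seen in the thread's log lines.
PAM_FAIL = re.compile(
    r"(?P<service>[\w.-]+)\(pam_unix\)\[(?P<pid>\d+)\]: "
    r"authentication failure; (?P<fields>.*)$")
HFAXD_FAIL = re.compile(
    r"hfaxd\[(?P<pid>\d+)\]: Login failed from \S+ \[(?P<addr>[^\]]+)\], \S+")
# key=value pairs; values may be empty (logname=, tty=, ruser=, rhost=).
FIELD = re.compile(r"(\w+)=(\S*)")


def parse_failures(log_text):
    """Return one record per pam_unix failure, joined to hfaxd's line by PID."""
    records, by_pid = [], {}
    for line in log_text.splitlines():
        m = PAM_FAIL.search(line)
        if m:
            f = dict(FIELD.findall(m.group("fields")))
            rec = {
                "service": m.group("service"),
                "pid": int(m.group("pid")),
                # uid/euid describe the process that called PAM, not the account.
                "caller_uid": int(f["uid"]),
                "caller_euid": int(f["euid"]),
                # user= is the account whose password was being checked.
                "target_user": f.get("user", ""),
                "client": None,
            }
            # Triage hint only: records whether the caller had root's effective UID.
            rec["caller_is_root"] = rec["caller_euid"] == 0
            records.append(rec)
            by_pid[rec["pid"]] = rec
            continue
        m = HFAXD_FAIL.search(line)
        if m and int(m.group("pid")) in by_pid:
            by_pid[int(m.group("pid"))]["client"] = m.group("addr")
    return records
```
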