HylaFAX The world's
most advanced open source fax server
Re: [hylafax-users] Hylafax and PAM
Joel.Larsson@xxxxxxxxx wrote:
> I'm trying to use hylafax 4.3.0 with PAM authentication. I have seen
> this problem before on the mailing list but no solution that seems to
> work for me.
> The following shows up in the logs (edited out the IP and DNS name):
> Nov 30 08:16:18 leyland pam_winbind[12674]: Could not retrieve user's password
> Nov 30 08:16:23 leyland hylafax(pam_unix)[12674]: authentication failure; logname= uid=0 euid=10 tty= ruser= rhost= user=jola706
> Nov 30 08:16:25 leyland hfaxd[12674]: Login failed from foobar.com [10.10.10.10], jola706
> Nov 30 08:16:25 leyland hfaxd[12674]: SYST cmd failure - not logged in

Unfortunately, it appears that HylaFAX's PAM support is not quite what
it should be. However, it does work at least minimally - this can be
verified by using pam_permit as the used PAM module (which only serves
for testing, as it's useless otherwise). Yet, the PAM implementation in
HylaFAX is not complete enough to handle the more heavily involved
interaction with modules like pam_unix (and furthermore doesn't support
the PAM_INCOMPLETE response). Yes, this is disappointing.

You may notice, however, that some have gotten modules such as pam_mysql
to work (ignore the comments about "unpriviledged user"... because
they're incorrect):
http://marc.theaimsgroup.com/?l=hylafax&m=108839688207478&w=2

As the contributor for the PAM work in HylaFAX was interested in LDAP, I
would expect some degree of support from pam_ldap, but I've also heard
of people struggling with that.

From what I can tell, basically, HylaFAX PAM support needs to be
extended to actually have a working "conversation function" rather than
the NULL pointer that we give it now. And furthermore, HylaFAX needs to
be taught how to let PAM do the user interaction, password prompting,
etc., rather than trying to limit PAM to mere username and password checking.

Getting PAM working right with HylaFAX for all modules to work would
require a fair amount of time - mostly in learning PAM. Note that
OpenPAM (there are three different PAM implementations: Linux, Solaris,
and OpenPAM, this last being used on the BSDs) documentation states that,
"A robust conversation function is surprisingly difficult to
implement"... so I don't expect this to be something that can be quickly
hacked together.

Lee.
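
A non-interactive conversation function of the kind the reply above says hfaxd passes as NULL, shown as an added example (not HylaFAX code and not from this thread): it answers PAM prompts from credentials the client already sent. `struct creds`, `dup_str` and `daemon_conv` are hypothetical names, answering the echo-on prompt with the user name is an assumption, the `msg[i]` array convention is Linux-PAM's, and the stand-in definitions apply only when the PAM headers are not installed.

```c
#include <stdlib.h>
#include <string.h>
#ifdef __has_include
# if __has_include(<security/pam_appl.h>)
#  include <security/pam_appl.h>
#  define HAVE_PAM_APPL_H 1
# endif
#endif
#ifndef HAVE_PAM_APPL_H  /* stand-ins with Linux-PAM's layout and values */
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19, PAM_PROMPT_ECHO_OFF = 1,
       PAM_PROMPT_ECHO_ON = 2, PAM_ERROR_MSG = 3, PAM_TEXT_INFO = 4 };
#endif

/* Hypothetical holder for the user name and password the client already sent. */
struct creds { const char *user; const char *pass; };
static char *dup_str(const char *s)
{
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    return p ? memcpy(p, s, len) : NULL;
}

/* Conversation callback; Linux-PAM convention: msg[i] points at message i. */
static int daemon_conv(int n, const struct pam_message **msg,
                       struct pam_response **resp, void *appdata)
{
    const struct creds *c = appdata;
    struct pam_response *r;
    if (n <= 0 || !msg || !resp || !c) return PAM_CONV_ERR;
    if (!(r = calloc((size_t)n, sizeof *r))) return PAM_BUF_ERR;
    for (int i = 0; i < n; i++) {
        const char *answer;
        switch (msg[i]->msg_style) {
        case PAM_PROMPT_ECHO_OFF: answer = c->pass; break;  /* hidden prompt */
        case PAM_PROMPT_ECHO_ON:  answer = c->user; break;  /* assumed: user name */
        case PAM_TEXT_INFO: case PAM_ERROR_MSG: continue;   /* no reply expected */
        default: goto fail;                                 /* unknown style */
        }
        if (!answer || !(r[i].resp = dup_str(answer))) goto fail;
    }
    *resp = r;              /* the PAM library frees r and each resp string */
    return PAM_SUCCESS;
fail:
    for (int i = 0; i < n; i++) free(r[i].resp);
    free(r);
    *resp = NULL;
    return PAM_CONV_ERR;
}
```

A caller would hand this to `pam_start()` as `struct pam_conv conv = { daemon_conv, &creds };` in place of a NULL conversation pointer.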