

Re: [hylafax-users] Hylafax+ 5.1.1 with pam_winbind Debian



* Lee Howard <faxguy@xxxxxxxxxxxxxxxx> [070409 15:39]:

> >Apr  9 13:15:55 localhost HylaFAX[2697]: PAM checking user "ricktest"
> >pass "(null)" from "172.16.1.82"
> >Apr  9 13:15:55 localhost hfaxd[2697]: pam_authenticate failed in
> >pamCheck with 0x13: Conversation error
> >Apr  9 13:15:59 localhost HylaFAX[2697]: PAM checking user "ricktest"
> >pass "test123!" from "172.16.1.82"
> >Apr  9 13:16:01 localhost hfaxd[2697]: pam_authenticate failed in
> >pamCheck with 0x7: Authentication failure

> The "Conversation error" is an indication that the 4.3.3 PAM handling is 
> still buggy - at least for the first pass.  The application is 
> responsible for handling the conversation from end-to-end.  As for the 
> "seriousness" of the error --- it's ultimately saying the same thing: 
> that the authentication is failing in the underlying PAM module... 
> somewhere.

No - not buggy.  It's intentionally that way.  Perhaps grossly verbose
in its logging...

When we first try and authenticate, we *do not* have a password.  So
when the pam framework calls us for the password conversation callback,
we return PAM_CONV_ERR, because we *cannot* get a password.

If PAM authenticates us without a password, we're good.  If it tries to
get a password from us, we error it out, close the pam session, and
leave the client-server protocol in the WAITPASS state.  When the PASS
command is used to enter the password, we will have a password, and try
a new pam session to authenticate - this time providing the password
when the pam framework asks for it.

So the "conversation error" logging is something that we may think of
removing, but it seems enough people have problems configuring pam that
we thought being more verbose was better than not verbose enough.  And
because pam insists on controlling the event of the authentication
conversation, we don't have much choice but to "fail" the first attempt,
get control back, and then try again later when we have the password...

a.

-- 
Aidan Van Dyk                                             aidan@xxxxxxxx
Senior Software Developer                          +1 215 825-8700 x8103
iFAX Solutions, Inc.                                http://www.ifax.com/

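The two-pass scheme Aidan describes, as an added example that is not HylaFAX's own code: a PAM conversation callback that returns PAM_CONV_ERR when the server has no password yet (the USER-only first pass) and hands the password over once it has one (after PASS). libpam itself is replaced here by a small stand-in "framework" so the file builds without libpam-dev; the struct layouts, callback signature and numeric codes follow Linux-PAM's `<security/pam_appl.h>`, which is why the first pass yields 0x13 (PAM_CONV_ERR) and a wrong password 0x7 (PAM_AUTH_ERR), the same values seen in the quoted hfaxd log. The account `faxuser` / `correct-horse`, the function names `fax_conv`, `fax_pam_check` and `mock_pam_authenticate` are constructed for the example.

```c
/* Added example (not HylaFAX code): hfaxd-style two-pass PAM conversation.
 * The PAM API is mocked so this compiles stand-alone; names and numbers
 * mirror Linux-PAM's <security/pam_appl.h>. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return codes and prompt styles, numerically as in Linux-PAM
 * (0x13 and 0x7 are the values in the hfaxd log lines). */
#define PAM_SUCCESS         0
#define PAM_AUTH_ERR        7
#define PAM_CONV_ERR        19
#define PAM_PROMPT_ECHO_OFF 1
#define PAM_PROMPT_ECHO_ON  2
#define PAM_ERROR_MSG       3
#define PAM_TEXT_INFO       4

struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
struct pam_conv {
    int (*conv)(int, const struct pam_message **, struct pam_response **, void *);
    void *appdata_ptr;
};

/* Application state handed to the callback: NULL before PASS, set after. */
struct fax_login { const char *password; };

/* Conversation callback: refuse (PAM_CONV_ERR) when asked for a password
 * we do not have, answer with it when we do. */
static int fax_conv(int num_msg, const struct pam_message **msg,
                    struct pam_response **resp, void *appdata_ptr)
{
    struct fax_login *login = appdata_ptr;
    if (num_msg <= 0) return PAM_CONV_ERR;
    struct pam_response *r = calloc((size_t)num_msg, sizeof *r);
    if (r == NULL) return PAM_CONV_ERR;
    for (int i = 0; i < num_msg; i++) {
        switch (msg[i]->msg_style) {
        case PAM_PROMPT_ECHO_OFF:
            if (login->password == NULL) {   /* first pass: cannot answer */
                for (int j = 0; j < i; j++) free(r[j].resp);
                free(r);
                return PAM_CONV_ERR;
            }
            r[i].resp = strdup(login->password);
            break;
        case PAM_TEXT_INFO:
        case PAM_ERROR_MSG:
            r[i].resp = NULL;                /* informational: nothing to return */
            break;
        default:                             /* PAM_PROMPT_ECHO_ON etc.: unsupported */
            for (int j = 0; j < i; j++) free(r[j].resp);
            free(r);
            return PAM_CONV_ERR;
        }
    }
    *resp = r;
    return PAM_SUCCESS;
}

/* Stand-in for pam_authenticate() running a password module: it always
 * prompts (as pam_unix/pam_winbind would) and checks one constructed account. */
static int mock_pam_authenticate(const char *user, const struct pam_conv *pc)
{
    static const char *demo_user = "faxuser", *demo_pass = "correct-horse"; /* constructed */
    struct pam_message prompt = { PAM_PROMPT_ECHO_OFF, "Password: " };
    const struct pam_message *msgs[1] = { &prompt };
    struct pam_response *resp = NULL;
    int rc = pc->conv(1, msgs, &resp, pc->appdata_ptr);
    if (rc != PAM_SUCCESS) return rc;      /* callback refused: PAM_CONV_ERR */
    int ok = resp != NULL && resp[0].resp != NULL &&
             strcmp(user, demo_user) == 0 && strcmp(resp[0].resp, demo_pass) == 0;
    if (resp) { free(resp[0].resp); free(resp); }
    return ok ? PAM_SUCCESS : PAM_AUTH_ERR;
}

/* One hfaxd-style attempt; password == NULL is the USER-only first pass.
 * Returns the PAM result code so the caller can decide on WAITPASS. */
int fax_pam_check(const char *user, const char *password)
{
    struct fax_login login = { password };
    struct pam_conv pc = { fax_conv, &login };
    int rc = mock_pam_authenticate(user, &pc);
    printf("PAM checking user \"%s\" pass \"%s\": rc=0x%x\n",
           user, password ? password : "(null)", (unsigned)rc);
    return rc;
}

int main(void)
{
    fax_pam_check("faxuser", NULL);            /* 0x13: wait for PASS */
    fax_pam_check("faxuser", "correct-horse"); /* 0x0: authenticated   */
    fax_pam_check("faxuser", "wrong");         /* 0x7: auth failure    */
    return 0;
}
```

The point to take from the first call is that PAM_CONV_ERR comes from the application's own callback, not from the module: pam_winbind never saw a credential on that pass, so the "Conversation error" line says nothing about the Winbind configuration, while the 0x7 on the second pass is the module's verdict on the password actually supplied.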



