Open mw84367 opened 8 years ago
I investigated the problem further. The module is still operational. The problem is that it runs as user shinken. shinken by default has no access to /etc/shadow as root has. In this case PAM's unix_chkpwd will only accept shinken as a valid user. If the real uid does not match the authenticating username, it sets the euid to be the real uid of the user process calling unix_chkpwd. Not retaining euid=0 prevents unix_chkpwd from reading /etc/shadow and authentication will fail logging 'check pass; user unknown' to syslog.
I've no good solution to this yet.
maybe you forgot to define a pam config with shinken as service name? do something like this and try again:
maybe you forgot to define a pam config with shinken as service name?
No I didn't. First of all there is no file called /etc/pam.d/system-auth. But I created a config file by my self. Even if this is not available it should work because there is a /etc/pam.d/other which handles any application not specified by a separate file.
As I mentioned in my previous comment the module can only be used with the user shinken is running with. This is an issue with pam not with the module.
Hi,
I'd like to use pam authentication with shinken. I installed auth-pam and added the module to webui2.cfg to the modules property.
When I login with a ordinary system user "administrator" I get the following messages within the log:
[1464939295] INFO: [broker-master] [WebUI] user 'administrator' is signing in ... [1464939295] INFO: [broker-master] [WebUI] Checking authentication for user: administrator [1464939295] INFO: [broker-master] [WebUI] Requesting authentication for user: administrator [1464939295] INFO: [broker-master] [WebUI] Authenticating user 'administrator' [1464939295] INFO: [broker-master] [WebUI] Authenticating user 'administrator' with auth-pam [1464939297] INFO: [broker-master] [WebUI] Internal htpasswd authentication [1464939297] INFO: [broker-master] [WebUI] Internal alignak backend authentication [1464939297] INFO: [broker-master] [WebUI] Internal contact authentication [1464939297] INFO: [broker-master] [WebUI-auth-cfg-password] Authenticating user 'administrator' [1464939297] ERROR: [broker-master] [WebUI-auth-cfg-password] You need to have a contact having the same name as your user: administrator [1464939297] WARNING: [broker-master] [WebUI] The user 'administrator' has not been authenticated.
For me it seems that your module is used properly but the authentication fails. Do I need to provide additional authentication configuration parameters? Is the module still operational for the latest release?
Cheers
Mike