search

minrk / pamela

Python PAM interface
Other
34 stars 10 forks source link

Issues with pamela installed via anaconda #5

Closed jan-janssen closed 8 years ago

jan-janssen commented 8 years ago

I am able to sudo switch from one user to the next, with the limitation to the sudospawner as required by jupyterhub 1. sudo -u rhea sudo -n -u $USER sudospawner --help

The shadow configuration is set: -rw-r----- 1 root shadow 536 Jun 22 10:59 /etc/shadow uid=35052(jan) gid=12500(mpd) groups=15(shadow),12505(pyjam),12500(mpd)

And when I run:
ldd /{,usr/}{bin,sbin}/* | grep -B 5 libpam | grep '^/' I get: 

    /bin/login:
    /bin/su:
    /sbin/mkhomedir_helper:
    /sbin/pam_tally2:
    /usr/bin/chage:
    /usr/bin/chfn:
    /usr/bin/chsh:
    /usr/bin/passwd:
    /usr/sbin/atd:
    /usr/sbin/cron:
    /usr/sbin/sshd:
    /sbin/pam_timestamp_check:
    /sbin/unix2_chkpwd:
    /usr/bin/c_rehash1:
    /usr/bin/crontab:
    /usr/bin/passmass:
    /usr/bin/sudo:
    /usr/bin/sudoedit:
    /usr/bin/vlock:
    /usr/bin/xdmshell:
    /usr/sbin/create-cracklib-dict:
    /usr/sbin/groupadd:
    /usr/sbin/groupadd.local:
    /usr/sbin/groupdel:
    /usr/sbin/groupmod:
    /usr/sbin/in.rexecd:
    /usr/sbin/in.rlogind:
    /usr/sbin/in.rshd:
    /usr/sbin/routel:
    /usr/sbin/rpasswdd:
    /usr/sbin/update-usbids.sh:
    /usr/sbin/useradd:
    /usr/sbin/useradd.local:
    /usr/sbin/userdel:
    /usr/sbin/userdel-pre.local:
    /usr/sbin/usermod:

I am wondering whether python should not also appear in this list and if that is the case how to add it. Or maybe that is just an missunderstanding from my side and there is a unix command besides sudo, which I can use to test my PAM configuration.

Correction: What fails for me is the simple test command: python -m pamela -a whoami It promots me for my password and is never able to correctly login but instead always returns an [PAM Error 7] Authentication failure error

When I load the module directly in python : 

>>> import pamela as pamela
>>> pamela.authenticate('kwotuveang3k4bk')
Password: 
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/u/system/SLES11/soft/pyjam/jupyterhub/0-8-0/lib/python3.5/site-packages/pamela.py", line 272, in authenticate
    return pam_end(handle, retval)
  File "/u/system/SLES11/soft/pyjam/jupyterhub/0-8-0/lib/python3.5/site-packages/pamela.py", line 220, in pam_end
    raise PAMError(errno=retval)
pamela.PAMError: [PAM Error 7] Authentication failure

Versions: 

Python 3.5.1 |Anaconda 4.1.0 (64-bit)
pamela: __version__ = '0.2.1'
minrk commented 8 years ago

If pamela doesn't work, it could be a PAM service permissions issue. What distro are you using, and is SELinux running?

jan-janssen commented 8 years ago

Suse Linux Enterprise 11 and SELinux is not running. Is there a simple way to test the permissions ? As the sudo part is working I have the feeling it has something to do with login. Also when I execute the simple command: login it gives me the error: FATAL: cannot change permissions of TTY: Operation not permitted Meaning most likely I am looking at the wrong part. It is not an pamela issue but moreover some communications issue between login and kerberos or something.

jan-janssen commented 8 years ago

Thx for the support, ot was am error in my PAM setup and had nothing to do with the pamela package.