zhaow-de / pam-keycloak-oidc

PAM module connecting to Keycloak for user authentication using OpenID Connect/OAuth2, with MFA/2FA/TOTP support
MIT License

Auth Fails in PAM #5

Open davidsmithva opened 3 years ago

davidsmithva commented 3 years ago

So if I test manually:

echo "SomePassword" | pam-keycloak-oidc

it succeeds but when I add:

account required                        pam_permit.so
auth    [success=1 default=ignore]      pam_exec.so     expose_authtok  log=/var/log/pam-keycloak-oidc.log      /opt/pam-keycloak-oidc/pam-keycloak-oidc
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so

to /etc/pam.d/sshd

and then try to log in with the same password, I get:

2021/08/25 17:30:24 [15eabd42-079e-4d71-9d8c-0c60bc7e95dc]-(testy) oauth2: cannot fetch token: 401 Unauthorized. Response: {"error":"invalid_grant","error_description":"Invalid user credentials"}

I am not sure what could be causing this.

se2a commented 1 year ago

Hey @davidsmithva have you managed to solve that? I have the same issue.