KDE and PAM

Jason Williams jason at seanet.com
Tue Nov 29 23:34:24 GMT 2005 


On Nov 26, 2005, at 11:48 AM, Andrea Venturoli wrote:

> Hello.
> I've got a problem.
> I'm using KDE 3.4.3 on a 5.4p8 system: simply it does not check for  
> password!!!
> At login (using kdm) I just enter my username and can leave the  
> password field blank or type whatever I want. The same happens  
> after the screen saver has locked up my session.
> Here's my /etc/pam.d/kde:
>
> #
> # $FreeBSD: src/etc/pam.d/kde,v 1.6 2003/04/30 21:57:54 markm Exp $
> #
> # PAM configuration for the "kde" service
> #
>
> # auth
> auth            required        pam_nologin.so          no_warn
> #auth           sufficient      pam_krb5.so             no_warn  
> try_first_pass
> #auth           sufficient      pam_ssh.so              no_warn  
> try_first_pass
> #auth           required        pam_unix.so             no_warn  
> try_first_pass
> auth            sufficient      /usr/local/lib/pam_smb_auth.so
>
> # account
> #account        required        pam_krb5.so
> account         required        pam_unix.so
>
> # session
> #session        optional        pam_ssh.so
> session         required        pam_permit.so
>
>
>
>
> I've tryed googling, but I only came up either with vulnerability  
> reports for older KDE releases (which should have been corrected)  
> or with hints which are specific to some particular Linux-based OS.
> Any hiny appreciated.
>
> BTW, I'm also using nss_ldap, in case it matters, and text console  
> login works fine.
>
>  bye & Thanks
> 	av.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions- 
> unsubscribe at freebsd.org"
>


Andrea,

The freebsd website has a excellent section on the pam module that  
REALLY helped me out. I believe you will find the answer in there.  
Here is a link:

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pam/index.html

I would suggest that you probably need something like the following  
for the auth section in /etc/pam.conf (FreeBSD 5.4) or in /etc/pam.d/ 
system (FreeBSD 6):

# auth
auth            required        pam_nologin.so          no_warn
#auth           sufficient      pam_krb5.so             no_warn  
try_first_pass
#auth           sufficient      pam_ssh.so              no_warn  
try_first_pass
auth            sufficient      pam_unix.so             no_warn  
try_first_pass
auth            required      /usr/local/lib/pam_smb_auth.so

The "required" for pam_smb_auth.so will stop login from  
authenticating without a password.

Jason Williams
jwilliams at newhaven.edu

More information about the freebsd-questions mailing list