Understanding PAM debug output

Patrick Mahan plmahan at gmail.com
Sun Mar 17 23:26:47 UTC 2019


All,

FreeBSD 11.2-Release-p7

I am debugging an authentication problem with /usr/lib/pam_unix.so.6.  I
have a pam.d service set up with -

auth            required        pam_unix.so             debug nullok local_pass
account         required        pam_unix.so             debug try_first_pass local_pass

Yet, my application is failing.  Looking at the output from
/var/log/debug.log I see -

Mar 17 14:54:41 ns auth: in pam_vprompt(): entering
Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_CONV
Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_vprompt(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_set_item(): entering: PAM_AUTHTOK
Mar 17 14:54:41 ns auth: in pam_set_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_AUTHTOK
Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_get_authtok(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_sm_authenticate(): Got password
Mar 17 14:54:41 ns auth: in openpam_get_option(): entering: 'no_warn'
Mar 17 14:54:41 ns auth: in openpam_get_option(): returning NULL
Mar 17 14:54:41 ns auth: in pam_vprompt(): entering
Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_CONV
Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_vprompt(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in openpam_dispatch(): /usr/lib/pam_unix.so.6: pam_sm_authenticate(): authentication error

However, looking at the sources for /usr/lib/pam_unix.so.6 I see that there
should also be a log message for "Got user:" at line 105 in
/usr/src/lib/libpam/modules/pam_unix/pam_unix.c.

Am I looking at the wrong code?  Doing a recursive grep under /usr/src
looking for "Got password" turns up -

root@ns:/usr/src # find . -name "*.c" -exec grep -H "Got password" {} \;
./lib/libpam/modules/pam_krb5/pam_krb5.c:       PAM_LOG("Got password");
./lib/libpam/modules/pam_krb5/pam_krb5.c:       PAM_LOG("Got password");
./lib/libpam/modules/pam_unix/pam_unix.c:       PAM_LOG("Got password");
./lib/libpam/modules/pam_radius/pam_radius.c:   PAM_LOG("Got password");

So am I looking at the wrong source code?

Thanks,

Patrick
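
One way to sort a trace like the one in this post, as an added example that is not part of the original message: the Python script below separates the library's entering/returning trace from messages logged inside a module function, extracts the openpam_dispatch() failure, and lists which expected module messages never appear. The names `analyze` and `expected` are hypothetical; the sample lines are copied from the excerpt above with the wrapped line rejoined.

```python
import re

# Constructed sample: lines copied from the debug.log excerpt in the post,
# with the wrapped openpam_dispatch() line joined back into one line.
SAMPLE = """\
Mar 17 14:54:41 ns auth: in pam_get_authtok(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_sm_authenticate(): Got password
Mar 17 14:54:41 ns auth: in openpam_get_option(): entering: 'no_warn'
Mar 17 14:54:41 ns auth: in openpam_get_option(): returning NULL
Mar 17 14:54:41 ns auth: in openpam_dispatch(): /usr/lib/pam_unix.so.6: pam_sm_authenticate(): authentication error
"""

# syslog prefix, then "in <function>(): <message>"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^:]+): in (\w+)\(\): (.*)$")
# library call trace: "entering", "entering: ITEM", "returning VALUE"
TRACE = re.compile(r"^(entering|returning)\b")
# dispatch failure: "<module path>: <primitive>(): <error text>"
DISPATCH = re.compile(r"^(\S+): (\w+)\(\): (.+)$")

def analyze(text, expected=()):
    """Split a PAM debug trace into module messages and dispatch failures.

    `expected` (hypothetical parameter) holds message prefixes the reader
    expects from the module source; prefixes never seen are reported."""
    messages, failures = [], []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an "in func(): ..." debug line
        func, msg = m.group(4), m.group(5)
        if TRACE.match(msg):
            continue  # entry/exit trace, not a module message
        d = DISPATCH.match(msg) if func == "openpam_dispatch" else None
        if d:
            failures.append({"module": d.group(1), "primitive": d.group(2),
                             "error": d.group(3)})
        else:
            messages.append((func, msg))
    seen = [msg for _, msg in messages]
    missing = [e for e in expected if not any(s.startswith(e) for s in seen)]
    return {"messages": messages, "failures": failures, "missing": missing}

if __name__ == "__main__":
    report = analyze(SAMPLE, expected=("Got user", "Got password"))
    for func, msg in report["messages"]:
        print(f"module message  {func}(): {msg}")
    for f in report["failures"]:
        print(f"failure         {f['module']} {f['primitive']}(): {f['error']}")
    print("not in trace   ", report["missing"])
```
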

