Understanding PAM debug output
Patrick Mahan
plmahan at gmail.com
Sun Mar 17 23:26:47 UTC 2019
All,
FreeBSD 11.2-Release-p7
I am debugging an authentication problem with /usr/lib/pam_unix.so.6. I
have pam.d service setup with -
auth required pam_unix.so debug nullok
local_pass
account required pam_unix.so debug
try_first_pass local_pass
Yet, my application is failing. Looking at the output from
/var/log/debug.log I see -
Mar 17 14:54:41 ns auth: in pam_vprompt(): entering
Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_CONV
Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_vprompt(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_set_item(): entering: PAM_AUTHTOK
Mar 17 14:54:41 ns auth: in pam_set_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_AUTHTOK
Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_get_authtok(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_sm_authenticate(): Got password
Mar 17 14:54:41 ns auth: in openpam_get_option(): entering: 'no_warn'
Mar 17 14:54:41 ns auth: in openpam_get_option(): returning NULL
Mar 17 14:54:41 ns auth: in pam_vprompt(): entering
Mar 17 14:54:41 ns auth: in pam_get_item(): entering: PAM_CONV
Mar 17 14:54:41 ns auth: in pam_get_item(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in pam_vprompt(): returning PAM_SUCCESS
Mar 17 14:54:41 ns auth: in openpam_dispatch(): /usr/lib/pam_unix.so.6:
pam_sm_authenticate(): authentication error
However, looking at the sources for /usr/lib/pam_unix.so.6 I see that there
should also be a log message for "Got user:" at line 105 in
/usr/src/lib/libpam/modules/pam_unix/pam_unix.c.
Am I looking at the wrong code? Doing a recursive grep under /usr/src
looking for "Got password" turns up -
root at ns:/usr/src # find . -name "*.c" -exec grep -H "Got password" {} \;
./lib/libpam/modules/pam_krb5/pam_krb5.c: PAM_LOG("Got password");
./lib/libpam/modules/pam_krb5/pam_krb5.c: PAM_LOG("Got password");
./lib/libpam/modules/pam_unix/pam_unix.c: PAM_LOG("Got password");
./lib/libpam/modules/pam_radius/pam_radius.c: PAM_LOG("Got password");
So am I looking at the wrong source code?
Thanks,
Patrick
More information about the freebsd-questions
mailing list