How come there is no PAM_IPADDRESS item?

Boris Breslav boris at bsafesolutions.com
Fri Mar 5 01:43:16 UTC 2004


Hi all,
Is there any way I can authenticate by an IP address?
The only remote info I have is the PAM_RHOST and the PAM_RUSER, which can be
NULL.
When I print the PAM_RHOST item for my SSH connection from a Windows client,
it simply shows "windows".
What are rhost and ruser anyway? Can I know for sure when it is not NULL?

Thanks in advance
Boris



----- Original Message ----- 
From: "firstcon" <firstcon at gmx.net>
To: "Joe Lewis" <pam-list at redhat.com>
Sent: Friday, March 05, 2004 1.56 AM
Subject: Re[2]: Problem with ipop3d and pam_mysql


>
> Hi Joe,
>
> I checked the source of pam_mysql once again, there are a lot of
> debug lines in the code. I placed a syslog() call in front of the
> mysql_real_connect() to see if the pam_mysql module arrives at
> this point. I didn't have any message in syslog.
>
> I did a strace now, and I can't see any attempt to use PAM. Maybe
> I'm wrong, but what I can see here looks like it did not try to
> do anything with PAM. Or am I wrong?
>
> [...]
> fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
> write(1, "+OK POP3 mail v2001.78rh s"..., 45) = 45
> time(NULL)                              = 1078433740
> time(NULL)                              = 1078433740
> alarm(180)                              = 0
> fstat64(0, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40017000
>
> >> now I enter a username
>
> read(0, "user someuser\n", 1024)    = 18
> alarm(0)                                = 176
> alarm(0)                                = 0
> write(1, "+OK User name accepted, password"..., 41) = 41
> time(NULL)                              = 1078433745
> time(NULL)                              = 1078433745
> alarm(180)                              = 0
>
> >> now I enter some password
>
> read(0, "pass somepass\n", 1024)          = 12
> alarm(0)                                = 178
> alarm(0)                                = 0
> socket(PF_UNIX, SOCK_STREAM, 0)         = 2
> connect(2, {sa_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = 0
> writev(2, [{"\2\0\0\0\0\0\0\0\r\0\0\0", 12}, {"h1006563-003\0", 13}], 2) = 25
> read(2, "\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\377\377\377\377\377\377"..., 36) = 36
> close(2)                                = 0
> getpeername(0, 0xbfffe870, [16])        = -1 ENOTSOCK (Socket operation on non-socket)
> alarm(0)                                = 0
> brk(0)                                  = 0x80f6000
> brk(0x80f8000)                          = 0x80f8000
> time([1078433747])                      = 1078433747
> open("/etc/localtime", O_RDONLY)        = 2
> fstat64(2, {st_mode=S_IFREG|0644, st_size=837, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
> read(2, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\0\0\10"..., 4096) = 837
> brk(0)                                  = 0x80f8000
> brk(0x80f9000)                          = 0x80f9000
> close(2)                                = 0
> munmap(0x40018000, 4096)                = 0
> getpid()                                = 26729
> rt_sigaction(SIGPIPE, {0x420db8b0, [], SA_RESTORER, 0x420277b8}, {SIG_DFL}, 8) = 0
> socket(PF_UNIX, SOCK_DGRAM, 0)          = 2
> fcntl64(2, F_SETFD, FD_CLOEXEC)         = 0
> connect(2, {sa_family=AF_UNIX, path="/dev/log"}, 16) = 0
> send(2, "<37>Mar  4 21:55:47 ipop3d[26729"..., 96, 0) = 96
> rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
> rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
> rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
> rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> nanosleep({3, 0}, {3, 0})               = 0
> write(1, "-ERR Bad login\r\n", 16)      = 16
>
> >> here I got the "Bad login" from ipop3d.
>
> What I can see is that it tries to use nscd. This one is running.
> When I stop nscd from its rc.script, I can see that ipop3d opens
> /etc/passwd to check the user.
>
> So this strace lets me come to the conclusion that it's not
> opening /etc/passwd, which is OK. It seems that it tries to work
> with PAM, but it looks like pam_mysql isn't available for some
> reason. At least it looks like pam_mysql isn't invoked, because
> there are no syslog messages from pam_mysql at all.
>
> I'm out of ideas currently.. ;-/ phew..
>
> Very interesting is the fact that I can use a local mysqlserver
> without any problems on my older 7.3 redhat box. I only got these
> problems with the freshly installed RH9 using the remote
> mysqlserver.
>
> Kind regards,
> andy..
>
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
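
One way a module can treat the PAM_RHOST value asked about at the top of this message, as an added example that is not part of the original post or of Linux-PAM: the value is classified before any address rule is applied, so NULL or a host name such as "windows" never passes an IP check. The function names, the enum and the 192.0.2.0/24 rule are hypothetical, and the sample values are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; not part of Linux-PAM. */
enum rhost_kind { RHOST_UNSET, RHOST_NAME, RHOST_IPV4, RHOST_IPV6 };

/* In a module the string would come from
 *   pam_get_item(pamh, PAM_RHOST, (const void **)&rhost);
 * The calling application sets it, so it may be NULL or a host name. */
enum rhost_kind rhost_classify(const char *rhost)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (rhost == NULL || *rhost == '\0') return RHOST_UNSET;
    if (inet_pton(AF_INET, rhost, buf) == 1) return RHOST_IPV4;
    if (inet_pton(AF_INET6, rhost, buf) == 1) return RHOST_IPV6;
    return RHOST_NAME;   /* e.g. "windows": a name, not an address */
}

/* 1 if rhost is a numeric IPv4 address inside net/prefix, 0 if not
 * (NULL, names and IPv6 fail closed), -1 if the rule itself is invalid. */
int rhost_in_ipv4_net(const char *rhost, const char *net, int prefix)
{
    struct in_addr addr, base;
    uint32_t mask;

    if (prefix < 0 || prefix > 32 || inet_pton(AF_INET, net, &base) != 1)
        return -1;
    if (rhost == NULL || inet_pton(AF_INET, rhost, &addr) != 1)
        return 0;
    mask = prefix == 0 ? 0 : htonl(0xFFFFFFFFu << (32 - prefix));
    return (addr.s_addr & mask) == (base.s_addr & mask);
}

int main(void)
{
    /* Constructed sample values; 192.0.2.0/24 is a documentation range. */
    const char *samples[] = { NULL, "windows", "192.0.2.10", "198.51.100.7" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s kind=%d allowed=%d\n",
               samples[i] ? samples[i] : "(null)",
               (int)rhost_classify(samples[i]),
               rhost_in_ipv4_net(samples[i], "192.0.2.0", 24));
    return 0;
}
```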




