Trouble with pam_unix and pam_opie
Nikolaus Rath
Nikolaus at rath.org
Tue Oct 28 22:22:05 UTC 2008
Hello,
I am trying to set up a configuration that allows me to log in either
using my ordinary unix password or using a one time password.
I am using the following configuration:
auth sufficient pam_opie.so
auth sufficient pam_unix.so nullok_secure try_first_pass
auth required pam_deny.so
This works perfectly with ssh. I immediately can enter either my unix
password or the correct OTP and I'm logged in.
For some strange reason, the very same configuration does not work for
imap (cyrus via saslauthd) or Apache (via pwauth) though. Even worse,
the only log output I can find is from sasldauthd (which mediates the
imap authentification):
Oct 17 18:26:22 ebox saslauthd[21819]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=nikratio
Oct 17 18:26:23 ebox saslauthd[21819]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Oct 17 18:26:23 ebox saslauthd[21819]: do_auth : auth failure: [user=nikratio] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
which really doesn't tell me much. Therefore I'm not even sure where
to start looking for the problem.
Can someone tell me if there is a way to get a reasonable debug output
from the pam modules?
Of course, if someone is able to guess what I need to do to get the
real problem fixed, that'd also be very much appreciated.
Best,
-Nikolaus
--
»It is not worth an intelligent man's time to be in the majority.
By definition, there are already enough people to do that.«
-J.H. Hardy
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
More information about the Pam-list
mailing list