pam pam_sm_authenticate try to get user and password of non-existing users

I am trying to get the user and password of the users entered via ssh, but I can only see the passwords of the users that are registered; for the non-registered users (Ubuntu users) I get the string "INC". I am trying to replace the Ubuntu authentication and test if the user is legit via my own db and, if so, redirect the default user and password. My code:



int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) 


I compiled it as .so and added this to /etc/pam.d/sshd: auth sufficient /lib/x86_64-linux-gnu/security/pam_test.so

My prints in /var/log/test_pam_debug.txt:

user=wewe, password=[ ] for unknown or sometimes

2.. user=jhjh, password=[ IN] and for known users it prints the user's password (not what the user has typed, and I can't seem to change it)
edited Mar 6 at 8:53 by Drakonoved

asked Mar 6 at 8:12 by junior_software

1 Answer
Found the issue at: https://www.linuxquestions.org/questions/programming-9/can%27t-get-auth-token-for-non-local-users-with-pam-module-945164/
Basically the problem is that we can't get the password from unknown users; Linux PAM will replace the password with "bnr177INCORRECT" if it cannot obtain information regarding the user from the system databases (Name Service Switch, see man nsswitch.conf).
Possible workaround: check with getpwnam that the user exists.
Example:

    #include <pwd.h>
    #include <security/pam_modules.h>
    #include <security/pam_ext.h>

    /* The poster's own check (not shown); assumed to return PAM_SUCCESS when the credentials are accepted */
    int isAuthenticate(char *user, char *password);

    /* The actual pam functions are merely wrappers around succeed_if */
    PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
    {
        const char *password = NULL;
        struct passwd *pwd;
        const char *user;
        int pam_err = 0;

        /* identify user */
        pam_err = pam_get_user(pamh, &user, NULL);
        if (pam_err != PAM_SUCCESS)
            return (pam_err);

        if ((pwd = getpwnam(user)) == NULL)
            return (PAM_USER_UNKNOWN);

        /* note: if the user is not defined, the password returned will be "^H$^M^?INCORRECT^@" */
        pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, &password, NULL);
        if (pam_err != PAM_SUCCESS)
            return (pam_err);

        /* add your own authentication here */
        pam_err = isAuthenticate((char *)user, (char *)password);
        if (pam_err != PAM_SUCCESS)
            return (PAM_AUTH_ERR);

        return (PAM_SUCCESS);
    }






edited Mar 19 at 9:06 by Drakonoved

answered Mar 18 at 12:19 by junior_software
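As an added example (not part of the original answer): a check that recognises the placeholder token described above, so a module can skip its own lookup and keep the token out of its debug file. It assumes the placeholder is the byte sequence from the answer's code comment, cut or repeated to the length of what the client typed, which would explain the "[ IN]" and "INC" values in the question; is_placeholder_authtok and authtok_label are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Placeholder bytes as given in the answer's comment: ^H ^J ^M ^? "INCORRECT" */
static const char PLACEHOLDER[] = "\b\n\r\177INCORRECT";

/* Returns 1 when tok consists only of the placeholder pattern.
 * Assumption: the pattern is cut or repeated to the typed length. */
int is_placeholder_authtok(const char *tok)
{
    size_t n = sizeof(PLACEHOLDER) - 1;    /* 13 bytes, NUL excluded */
    size_t i;

    if (tok == NULL || tok[0] == '\0')
        return 0;                          /* nothing to compare */
    for (i = 0; tok[i] != '\0'; i++)
        if (tok[i] != PLACEHOLDER[i % n])
            return 0;
    return 1;
}

/* Label that is safe to write to a debug file: it records what kind of
 * token arrived without writing the token itself. */
const char *authtok_label(const char *tok)
{
    if (tok == NULL)
        return "none";
    if (tok[0] == '\0')
        return "empty";
    return is_placeholder_authtok(tok) ? "placeholder" : "present";
}

int main(void)
{
    /* Constructed sample tokens, not captured data */
    const char *samples[] = { "\b\n\r\177IN", "\b\n\r\177INCORRECT\b\n", "s3cret", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("authtok=%s\n", authtok_label(samples[i]));
    return 0;
}
```

In pam_sm_authenticate the check would sit directly after the pam_get_authtok call, returning PAM_AUTH_ERR when the token is the placeholder.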






















                     
