Solaris 8 compat mode
Aaron Spangler
as at insight.rr.com
Sat Feb 8 16:29:59 EST 2003
Hmm...
auth.debug should also include things like
pam_start()
pam_setitem()
and also the results of the individual pam modules that pam loads and unloads.
There should be more debugging available.
You might also ask yourself some questions such as:
1) Are you using a password that contains punctuation? These characters (such as
!@#$%^&* ) were the predicessors to kill, intr, suspend (^U, ^C, ^Z). In some rare
cases on SVR4 based systems I have seen telnetd & rlogind treat these differently.
For example. Telnet <remotebox>
login: <username>
password: <myp at ssword>
On some unpatched systems, the @ character means "erase to beginning of line" and
is treated like a ctrl-u. So your real password is only "ssword". Once you are
logged in, the profile usually corrects these stty setttings.
2) Also is your password more than 8 characters long? In rare cases this causes
problems on solaris if you are using something other than crypt() for your
passwords.
Temporarily sprinkling a printf near the tgetpass() call in the auth/pam.c code
might also help debug what is going in and out of PAM.
I hope some of these fragments of thought give you some possible avenues to debug.
- Aaron
Greene Jason-RB512C wrote:
> Yeah...I got that far...unfortunantly the output is not much help to me.
>
> Feb 6 12:20:55 machine1 sudo[504]: [ID 888916 user.debug] unix pam_sm_authenti
> cate(sudo rb512c), flags = 80000000
> Feb 6 12:21:00 machine1 sudo[504]: [ID 427203 user.debug] pam_authenticate: er
> ror Authentication failed
> Feb 6 12:21:00 machine1 sudo[504]: [ID 888916 user.debug] unix pam_sm_authenti
> cate(sudo rb512c), flags = 80000000
> Feb 6 12:21:05 machine1 sudo[504]: [ID 427203 user.debug] pam_authenticate: er
> ror Authentication failed
> Feb 6 12:21:05 machine1 sudo[504]: [ID 888916 user.debug] unix pam_sm_authenti
> cate(sudo rb512c), flags = 80000000
> Feb 6 12:21:09 machine1 sudo[504]: [ID 427203 user.debug] pam_authenticate: er
> ror Authentication failed
>
> -----Original Message-----
> From: Aaron Spangler [mailto:as at insight.rr.com]
> Sent: Thursday, February 06, 2003 5:48 PM
> To: Greene Jason-RB512C
> Cc: sudo-users at sudo.ws
> Subject: Re: Solaris 8 compat mode
>
> If you want to do pam debugging on solaris 8, do the following:
>
> 1) Add "auth.debug /etc/pam_debug" to /etc/syslog.conf
> 2) restart syslog
> 3) touch /etc/pam_debug
> 4) tail -f /etc/pam_debug &
More information about the sudo-users
mailing list