ssh authentication failed problem use freeradius & pam_radius
sam
jianxueqd1 at alcatel-lucent.com
Thu May 24 16:44:45 CEST 2012
The pam_radius_auth module is installed on linux, and if the user-A is not
created in local and only existed in remote radius server.
In following function() in pam_radius_auth.c, the *password always is
INCORRECT
+++++++++++++code+++++++++++++
static int rad_converse(pam_handle_t *pamh, int msg_style, char *message,
char **password)
{
CONST struct pam_conv *conv;
struct pam_message resp_msg;
CONST struct pam_message *msg[1];
struct pam_response *resp = NULL;
int retval;
resp_msg.msg_style = msg_style;
resp_msg.msg = message;
msg[0] = &resp_msg;
/* grab the password */
retval = pam_get_item(pamh, PAM_CONV, (CONST void **) &conv);
PAM_FAIL_CHECK;
retval = conv->conv(1, msg, &resp,conv->appdata_ptr); < it seems the
resp is saved some useful info.
PAM_FAIL_CHECK;
if (password) { /* assume msg.type needs a response */
/* I'm not sure if this next bit is necessary on Linux */
_pam_log(LOG_ERR, "enter in");
#ifdef sun
/* NULL response, fail authentication */
if ((resp == NULL) || (resp->resp == NULL)) {
return PAM_SYSTEM_ERR;
}
#endif
*password = resp->resp; <<<< saved the retrun value to *password.
(value is INCORRECT)
free(resp);
}
return PAM_SUCCESS;
}
+++++++++++++code+++++++++++++
Not familiar with this module, can anybody give some instrutions?
--
View this message in context: http://freeradius.1045715.n5.nabble.com/ssh-authentication-failed-problem-use-freeradius-pam-radius-tp5687733p5713359.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list