I've added a role named corman with flags "sPG" (corman is also a user on the system with a password) to make corman a special role that authenticates off of PAM.
With RBAC enabled, PAM auth is working with pamtester when the right password is typed, and failing when the wrong password is typed.
Code:
[root@localhost ~]# pamtester -v login corman authenticate
pamtester: invoking pam_start(login, corman, ...)
pamtester: performing operation - authenticate
Password:
pamtester: successfully authenticated
However, "gradm -p corman" fails without even asking for a password. An strace on that command (running it under the admin role so I don't get permissions denied on the ptrace) reveals:
Code:
[pid 7270] open("/etc/pam.d/gradm", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 7270] open("/etc/pam.d/other", O_RDONLY) = 3
I'm sure that gradm was built with PAM support; the pam-devel package is installed and the gradm_pam binary exists. It seems that the /etc/pam.d/gradm file is missing... and it rolls back to "other", which basically is deny only. What is supposed to be in /etc/pam.d/gradm?
I'm using gradm-2.1.11-200803171746
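
The fallback visible in the strace above can be checked without strace. This is an added example, not part of the original post or of gradm: the function names are hypothetical, the sample pam.d directory is constructed, and `include`/`substack` lines are not followed.

```shell
#!/bin/sh
# Print the service file Linux-PAM would read for SERVICE in DIR:
# DIR/SERVICE if it exists, otherwise DIR/other (the fallback seen in the strace).
pam_effective_file() {
    dir=$1; svc=$2
    if [ -f "$dir/$svc" ]; then
        printf '%s\n' "$dir/$svc"
    elif [ -f "$dir/other" ]; then
        printf '%s\n' "$dir/other"
    else
        return 1
    fi
}

# Print the module named on each "auth" line of FILE, handling a bracketed
# control field such as [success=1 default=ignore] and absolute module paths.
pam_auth_modules() {
    awk '$1 ~ /^-?auth$/ && $2 !~ /^(include|substack)$/ {
        i = 2
        if ($2 ~ /^\[/) while (i < NF && $i !~ /\]$/) i++
        m = $(i + 1); sub(/.*\//, "", m); print m
    }' "$1"
}

# Report "own" or "fallback", and whether every auth module is pam_deny.so.
pam_check() {
    file=$(pam_effective_file "$1" "$2") || { echo "no-config"; return 0; }
    mods=$(pam_auth_modules "$file")
    case $(basename "$file") in
        "$2") src=own ;;
        *)    src=fallback ;;
    esac
    if [ -n "$mods" ] && ! printf '%s\n' "$mods" | grep -qv '^pam_deny\.so$'; then
        echo "$src:deny-only"
    else
        echo "$src:not-deny-only"
    fi
}

# Constructed sample: no "gradm" service file, and a deny-only "other".
demo=$(mktemp -d)
printf 'auth required pam_deny.so\naccount required pam_deny.so\n' > "$demo/other"
printf 'auth required pam_unix.so\n' > "$demo/login"
pam_check "$demo" gradm   # fallback:deny-only
pam_check "$demo" login   # own:not-deny-only
rm -rf "$demo"
```

On a live system, `pam_check /etc/pam.d gradm` reports whether the service has its own file or is being answered by `other`.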