This repository has been archived by the owner on Feb 28, 2024. It is now read-only.
Hi,
I am using pam_tacplus 1.3.9 to authenticate a user against an existing server.
The auth part goes OK. A user who doesn't exist on the local machine is authenticated
remotely on the server, then on the local machine we clone an account for it, and then the pam_sm_acct_mgmt() function tries to authenticate that user again.
But this time for some reason the user becomes root! And since there is no root user on the server the authentication fails!
Why does the user become root in the middle of the procedure?
Here is part of the log:
Mar 10 11:47:38 Manishacusfpv3-1-170 login[15729]: pam_sm_authenticate: called (pam_tacplus v1.3.8)
Mar 10 11:47:38 Manishacusfpv3-1-170 login[15729]: pam_sm_authenticate: user [knatte] obtained
Mar 10 11:47:38 Manishacusfpv3-1-170 login[15729]: tacacs_get_password: called
Mar 10 11:47:38 Manishacusfpv3-1-170 login[15729]: tacacs_get_password: obtained password
Mar 10 11:47:38 Manishacusfpv3-1-170 login[15729]: pam_sm_authenticate: password obtained
Mar 10 11:47:38 Manishacusfpv3-1-170 login[15729]: pam_sm_authenticate: tty [pts/1] obtained
Mar 10 11:47:38 Manishacusfpv3-1-170 login[15729]: pam_sm_authenticate: rhost [gentoo-akros.transmode.se] obtained
Mar 10 11:47:38 Manishacusfpv3-1-170 login[15729]: pam_sm_authenticate: trying srv 0
Mar 10 11:47:38 Manishacusfpv3-1-170 login[15729]: tacacs status: TAC_PLUS_AUTHEN_STATUS_PASS
Mar 10 11:47:38 Manishacusfpv3-1-170 login[15729]: pam_sm_authenticate: active srv 0
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15729]: User does not exist; trying to clone oper
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15729]: passwdp->pw_name = 'oper'
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15729]: updated passwdp->pw_name = 'knatte'
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15729]: useradd -d /home/oper -c ",,,,Operator,profile=operator" -s /bin/mibshwrapper -g users -p "_" knatte
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15731]: unrecognized option: encrypt
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15731]: read_config: server [172.16.12.13]
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15731]: read_config: key [1234567890]
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15731]: 1 servers defined
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15731]: server[0] { addr=172.16.12.13:49, key='1234567890' }
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15731]: tac_service='raccess'
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15731]: tac_protocol='unknown'
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15731]: tac_prompt=''
Mar 10 11:47:38 Manishacusfpv3-1-170 PAM-tacplus[15731]: tac_login=''
Mar 10 11:47:38 Manishacusfpv3-1-170 useradd[15731]: pam_sm_acct_mgmt: called (pam_tacplus v1.3.8)
Mar 10 11:47:38 Manishacusfpv3-1-170 useradd[15731]: pam_sm_acct_mgmt: username obtained [root]
Mar 10 11:47:38 Manishacusfpv3-1-170 useradd[15731]: pam_sm_acct_mgmt: tty obtained [pts/1]
Mar 10 11:47:38 Manishacusfpv3-1-170 useradd[15731]: pam_sm_acct_mgmt: rhost obtained [unknown]
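An added triage example (not part of the original report and not pam_tacplus code): it correlates the syslog lines above by PID and shows that the `pam_sm_acct_mgmt` call reporting `root` is logged by `useradd[15731]`, a different process from the `login[15729]` that authenticated `knatte`. The sample is an abridged, constructed copy of the quoted log with the hostname shortened to `host`; the function names are illustrative.

```python
import re

# Constructed sample: abridged copy of the log quoted above, hostname shortened.
SAMPLE_LOG = """\
Mar 10 11:47:38 host login[15729]: pam_sm_authenticate: called (pam_tacplus v1.3.8)
Mar 10 11:47:38 host login[15729]: pam_sm_authenticate: user [knatte] obtained
Mar 10 11:47:38 host login[15729]: tacacs status: TAC_PLUS_AUTHEN_STATUS_PASS
Mar 10 11:47:38 host PAM-tacplus[15729]: User does not exist; trying to clone oper
Mar 10 11:47:38 host PAM-tacplus[15731]: 1 servers defined
Mar 10 11:47:38 host useradd[15731]: pam_sm_acct_mgmt: called (pam_tacplus v1.3.8)
Mar 10 11:47:38 host useradd[15731]: pam_sm_acct_mgmt: username obtained [root]
Mar 10 11:47:38 host useradd[15731]: pam_sm_acct_mgmt: tty obtained [pts/1]
"""

# syslog prefix: "Mon DD HH:MM:SS host ident[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<tag>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# The two module log formats that carry the PAM user name.
USER = re.compile(r"^(?P<hook>pam_sm_\w+): "
                  r"(?:user \[(?P<a>[^\]]*)\] obtained|username obtained \[(?P<b>[^\]]*)\])")

def parse(log):
    """Return (events, idents): PAM user events and the syslog idents seen per PID."""
    events, idents = [], {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # tolerate truncated or unrelated lines
        pid, seen = int(m["pid"]), idents.setdefault(int(m["pid"]), [])
        if m["tag"] not in seen:
            seen.append(m["tag"])
        u = USER.match(m["msg"])
        if u:
            user = u["a"] if u["a"] is not None else u["b"]
            events.append({"hook": u["hook"], "pid": pid, "user": user})
    return events, idents

def user_mismatches(log):
    """Flag acct_mgmt calls whose user differs from the last authenticated user."""
    events, idents = parse(log)
    findings, authed = [], None
    for ev in events:
        if ev["hook"] == "pam_sm_authenticate":
            authed = ev
        elif ev["hook"] == "pam_sm_acct_mgmt" and authed and ev["user"] != authed["user"]:
            findings.append({"auth_user": authed["user"], "auth_pid": authed["pid"],
                             "acct_user": ev["user"], "acct_pid": ev["pid"],
                             "acct_idents": idents[ev["pid"]],
                             "same_process": ev["pid"] == authed["pid"]})
    return findings
```

On the sample, the single finding reports `same_process: False` and the idents `PAM-tacplus` then `useradd` for PID 15731, i.e. the account-management hook ran in the process that was spawned to execute `useradd`.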