You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Indeed, ejabberd doesn't fill this field.
I'm a bit clueless, what should be in that field?
Sorry, I overlooked the question.
In my understanding of PAM, the RHOST field contains the remote host from which the connection was initiated.
So for a client connecting to ejabberd to be authenticated with pam, we need:
PAM_SERVICE: ejabberd (fine)
PAM_USER: the local user name (not set)
PAM_RHOST: the remote host (ip addresse or FDQN, not set)
PAM_RUSER is the remote user name on the client machine, in case it is different from the local user name we are trying to authenticate, and optional. (For me I do not care; besides it would be hard the get). PAM_TERMINAL makes sense for ttys. If anything use the same value as for PAM_SERVICE, or just leave it empty.
Hello,
as of version 18.12.1, ejabberd does not place anything in the rhost field. Easiest check is with
pam_warn.
Mar 20 13:27:46 Redstar epam: pam_warn(ejabberd:auth): function=[pam_sm_authenticate] flags=0 service=[ejabberd] terminal=[] user=[] ruser=[] rhost=[]
The corresponding functionality in the erlang-p1-pam Package is available
for a while (cfr #1591).
As it is in the ejabberd.log, it should as well be provided to the pam
stack, as it is not a local service (like e.g. cron)
The text was updated successfully, but these errors were encountered: