[Swan] XAUTH: PAM auth chain failed with '7' on CentOS 7
Pontus Wiberg
pontus.wiberg at universumglobal.com
Wed Aug 20 12:40:32 EEST 2014
Paul Wouters <paul <at> nohats.ca> writes:
>
> On Mon, 21 Jul 2014, Remy van Elst wrote:
>
> > Subject: Re: [Swan] XAUTH: PAM auth chain failed with '7' on CentOS
7
> >
> > 3.9 does not seem to fix the problem, I still get login errors with
> > either PAM or a passwd file, same steps as earlier but with the new
> > packages:
>
> What happens when you add:
>
> account required pam_permit.so
>
> to /etc/pam.d/pluto
>
> Paul
>
This issue sounds very much like what I am experiencing, on Ubuntu 14.04
and 12.04 though. Both PAM and file auth fails seemingly because
Libreswan loses the password somehow(?). When doing file auth it finds
the corresponding user account and the hash from the file, but tries to
compare it to (null). This has been tested with both iPhone and
ShrewSoft VPN as a client and the same thing happens, xauth fails
immediately because the password Libreswan (thinks?) it receives is
empty.
Anyone have any ideas on this, I've tested the set up on new servers
several times and everything works with xauthby=alwaysok.. but that
isn't an ok solution for this. I've spent so much time setting up site-
to-site tunnels and other things, I would hate to have to replace the
entire solution because of this seemingly easy problem, but 10+ hours of
searching and I haven't found an explanation yet :)
Any help would be greatly appreciated!
Thanks & Best Regards,
Pontus Wiberg
More information about the Swan
mailing list