[Swan] [Openswan Users] XAUTH not receiving/computing password

Nels Lindquist nlindq at maei.ca
Wed Aug 27 00:08:32 EEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 8/26/2014 12:24 PM, Paul Wouters wrote:
> On Tue, 26 Aug 2014, Nels Lindquist wrote:
> 
>>>> pontus:$apr1$G/Yn3NSQ$xBq7LyNNYCBc0COKWM6Dj0:roadwarrior
>>> 
>>> So $apr1$ is not standard crypt(), it is apache specific:
>>> 
>>> https://httpd.apache.org/docs/current/misc/password_encryptions.html
>
>>> 
>> Would/Should this have any impact on using pam with XAUTH?  I'd
>> prefer to do that myself, if possible, and I'm experiencing the
>> same issues on CentOS 6 that Remy and Pontus are on CentOS/RHEL
>> 7.
> 
> No. It only involves file based authentication. the "error 7" as
> far as I can tell comes from a missing "session" line the
> /etc/pam.d/pluto file, as pam does two calls. One for password
> authentication and one for session authorization. I believe this
> last one fails when you see the "error 7".
> 
> But I still need to confirm this by setting up a rhel7 machines and
> test this.

I'm experiencing the same issue on CentOS6, actually.

I commented out everything in /etc/pam.d/pluto except for:

account    required    pam_permit.so
password   required    pam_permit.so
session    required    pam_permit.so

...but it didn't make any difference.  Still getting an authentication
failure:

Aug 26 14:53:42 mail pluto[16526]: XAUTH: User nels: Attempting to login
Aug 26 14:53:42 mail pluto[16526]: XAUTH: pam authentication being
called to authenticate user nels
Aug 26 14:53:44 mail pluto[16526]: XAUTH: pam_authenticate failed with
'Authentication failure'
Aug 26 14:53:44 mail pluto[16526]: XAUTH: User nels: Authentication
Failed: Incorrect Username or Password


- -- 
Nels Lindquist
<nlindq at maei.ca>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)

iEYEARECAAYFAlP8908ACgkQh6z5POoOLgTVswCaA4mPRymv2RhZG0YLFbREeqW8
OUYAn0zNpJLgeGnvZkY5Ij80V2mU5XYv
=+ir0
-----END PGP SIGNATURE-----


More information about the Swan mailing list