[Swan] [Openswan Users] XAUTH not receiving/computing password
Nels Lindquist
nlindq at maei.ca
Wed Aug 27 00:08:32 EEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 8/26/2014 12:24 PM, Paul Wouters wrote:
> On Tue, 26 Aug 2014, Nels Lindquist wrote:
>
>>>> pontus:$apr1$G/Yn3NSQ$xBq7LyNNYCBc0COKWM6Dj0:roadwarrior
>>>
>>> So $apr1$ is not standard crypt(), it is apache specific:
>>>
>>> https://httpd.apache.org/docs/current/misc/password_encryptions.html
>
>>>
>> Would/Should this have any impact on using pam with XAUTH? I'd
>> prefer to do that myself, if possible, and I'm experiencing the
>> same issues on CentOS 6 that Remy and Pontus are on CentOS/RHEL
>> 7.
>
> No. It only involves file based authentication. the "error 7" as
> far as I can tell comes from a missing "session" line the
> /etc/pam.d/pluto file, as pam does two calls. One for password
> authentication and one for session authorization. I believe this
> last one fails when you see the "error 7".
>
> But I still need to confirm this by setting up a rhel7 machines and
> test this.
I'm experiencing the same issue on CentOS6, actually.
I commented out everything in /etc/pam.d/pluto except for:
account required pam_permit.so
password required pam_permit.so
session required pam_permit.so
...but it didn't make any difference. Still getting an authentication
failure:
Aug 26 14:53:42 mail pluto[16526]: XAUTH: User nels: Attempting to login
Aug 26 14:53:42 mail pluto[16526]: XAUTH: pam authentication being
called to authenticate user nels
Aug 26 14:53:44 mail pluto[16526]: XAUTH: pam_authenticate failed with
'Authentication failure'
Aug 26 14:53:44 mail pluto[16526]: XAUTH: User nels: Authentication
Failed: Incorrect Username or Password
- --
Nels Lindquist
<nlindq at maei.ca>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
iEYEARECAAYFAlP8908ACgkQh6z5POoOLgTVswCaA4mPRymv2RhZG0YLFbREeqW8
OUYAn0zNpJLgeGnvZkY5Ij80V2mU5XYv
=+ir0
-----END PGP SIGNATURE-----
More information about the Swan
mailing list