[jadmin] PAM Authentication

Bob Larsen bob at bryanramey.com
Wed Jan 23 09:38:01 CST 2008 

I am using winbind for samba, and would like to use it for jabberd as
well.  But I think jabberd is the only thing that will use PAM.

 

To set up winbind, I configured /etc/samba/smb.conf and /etc/krb5.conf.
Samba works without problems.

 

That's pretty much the only relevant configuration I've done.  Perhaps I
missed something?

 

 

 

The only time a user logs into the server (via a console or ssh) is for
maintenance, and I see no need to add all of my AD users to that
process.  I can manage the IT users via /etc/passwd.  

 

I created an /etc/pam.d/jabberd which contains:

 

Auth        required    pam_winbind.so use_first_pass

password    required    pam_winbind.so use_first_pass

account     required    pam_winbind.so use_first_pass

session     required    pam_winbind.so use_first_pass

 

 

when I try to login I get the following logs:

 

Jabberd/c2s[pid]: pam: couldn't authenticate: Authentication token
manipulation error

Jabberd/c2s[pid]: auth failed: username=user, resource=resource

 

This is really vague, and I don't know enough about pam or winbind to
extract more meaningful information.

 

 

 

Bob Larsen

 

Bryan D Ramey and Associates

 

bob at bryanramey.com

________________________________

From: jadmin-bounces at jabber.org [mailto:jadmin-bounces at jabber.org] On
Behalf Of Norman Rasmussen
Sent: Tuesday, January 22, 2008 5:14 AM
To: Jabber/XMPP server administration list
Subject: Re: [jadmin] PAM Authentication

 

On Jan 21, 2008 4:07 PM, Bob Larsen <bob at bryanramey.com> wrote:

	The other two items on the checklist appear to only apply when
nusing pam to authenticate against /etc/shadow.
	I am authenticating against winbind.


For what I remember pam is configured via a bunch of files in
/etc/pam.d.  c2s would use /etc/pam.d/jabberd.  Where did you set up
winbind, and does it affect the jabberd file too, or just ssh and login?




-- 
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/ 
-- 
This message has been scanned for viruses and 
dangerous content by MailScanner <http://www.mailscanner.info/> , and is

believed to be clean. 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/jadmin/attachments/20080123/7a0e0ee6/attachment.htm

More information about the JAdmin mailing list