[ngIRCd-ML] A little pam help?

Doug douglas.linder at gmail.com
Wed Mar 6 01:49:42 CET 2013


You're right; I had a setup /etc/pam.d/ngircd but it was setup to use the
wrong pam module; local auth instead of ldap, unlike the login service.

So it was literally the wrong password for the user (and also why pamtester
was working).

Thanks for pointing me in the right direction~

Cheers,
Doug.



On Wed, Mar 6, 2013 at 1:31 AM, Alexander Barton <alex at barton.de> wrote:

> Hi Doug!
>
> On Tue, Mar 05, 2013 at 12:32:16PM +0800, Doug wrote:
>
> > I was wondering if someone could shed some light on how to use PAM with
> > ngircd?
> >
> > I've set PAM = yes, and PAMIsOptional = no, but I'm kind of fuzzy on how
> > this is supposed to work.
> >
> > The client connects with a nick and username, (in this case my username
> for
> > both, douglasl).
>
> But you/your client/"it" has to send a password using the PASS command,
> too :-)
>
> > The server rejects the connection, and logs:
> >
> > [18632:6    5] Accepted connection 7 from 127.0.0.1:59814 on socket 6.
> > [18906:3    5] PAM: Error on "douglasl" (douglasl!~douglasl at localhost):
> > Authentication failure
> > [18632:3    5] User "douglasl!~douglasl at localhost" rejected (connection
> 7):
> > Bad password!
> > [18632:6    5] Shutting down connection 7 (Bad password) with
> > localhost:59814 ...
> > [18632:5    5] Client "douglasl" unregistered (connection 7): Bad
> password
> > [18632:6    5] Connection 7 with localhost:59814 closed (in: 0.1k, out:
> > 0.0k).
>
> Because you provided no password at all, if I understand you correctly?
>
> > Riiight. I'm pretty sure I've got pam working, because I can use
> pamtester
> > well enough:
> >
> > ~/ngircd/pamtester-0.1.2/src# ./pamtester login douglasl authenticate
> > Password:
> > pamtester: successfully authenticated
>
> I don't know "pamtester", but PAM requires a "service name", and if I
> understand it correctly, you are using "login" as service name in your
> example
> above; but ngIRCd uses – guess what? – "ngircd" :-)
>
> So most probably you have to check your PAM setup for ngIRCd using
> something
> like this:
>
>  $ pamtester ngircd douglasl authenticate
>
> > So, the question is, how the irc client supposed to be supplying the
> > password for the user?
>
> It has to send a valid PASS command, _before_ it sends NICK and USER.
> For example (raw IRC commands):
>
>  PASS :password
>  NICK :nickname
>  USER login . . :Real Name
>
> > The raw commands to the server after connect are PASS / NICK / USER,
> which
> > sound like they should be all I need.
>
> Right.
>
> Regards
> Alex
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://arthur.barton.de/pipermail/ngircd-ml/attachments/20130306/d3fe8d64/attachment.html>


More information about the ngIRCd-ML mailing list