https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955737#M752664 Sounds like your application works if run as root, but not if it runs as another user? If I understood your question correctly, then this is expected behavior in trusted mode.<BR /><BR />There are two reasons for this, from different perspectives.<BR /><BR />1. One of the main features of trusted mode is the ability to hide the encrypted password from non-root users. Hence, non-root users can't try to authenticate, or they could attempt password guessing schemes.<BR /><BR />2. It doesn't really do much good to authenticate a user if you can't switch to that user. Only root can do that anyway.<BR /><BR />Hope that helps. If not, maybe you could clarify what you're trying to do in the application? Mon, 21 Apr 2003 18:06:59 GMT Keith Buck 2003-04-21T18:06:59Z https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955734#M752661 hello! i'm having problems using the pam application i made which simply authenticates the user. I was wondering how come if I log in as root I dont have a problem using the application. I'm currently using hpux11 which uses tcb. Any help is much appreciated. thanks! Mon, 21 Apr 2003 17:44:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955734#M752661 mango_1 2003-04-21T17:44:31Z https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955735#M752662 Like a wise man told me once "if it feels like a permsisions problem, it probably is". I don't know a thing about your Pam application but permissions is always a good place to start. Mon, 21 Apr 2003 17:49:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955735#M752662 John Dvorchak 2003-04-21T17:49:46Z https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955736#M752663 thanks for the advice. I've also looked into that possibility. but couldn't figure out where it had permission problems. I used truss to trace the application and i think the difference is in accessing the /tcb/files/auth/... its issuing an error 13 while as root its issuing error 2. is there a way to solve this? <BR /><BR />thanks! Mon, 21 Apr 2003 17:58:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955736#M752663 mango_1 2003-04-21T17:58:30Z https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955737#M752664 Sounds like your application works if run as root, but not if it runs as another user? If I understood your question correctly, then this is expected behavior in trusted mode.<BR /><BR />There are two reasons for this, from different perspectives.<BR /><BR />1. One of the main features of trusted mode is the ability to hide the encrypted password from non-root users. Hence, non-root users can't try to authenticate, or they could attempt password guessing schemes.<BR /><BR />2. It doesn't really do much good to authenticate a user if you can't switch to that user. Only root can do that anyway.<BR /><BR />Hope that helps. If not, maybe you could clarify what you're trying to do in the application? Mon, 21 Apr 2003 18:06:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955737#M752664 Keith Buck 2003-04-21T18:06:59Z https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955738#M752665 thanks for the help. really appreciate it! let me explain further. The application runs when I run it as myself or as root. the problem is when I use my application. my application actually tries to authenticate the user provided. <BR /><BR />(e.g. mylogin is the name of my application and when I run it as: mylogin <VALID username="">. It will fail when I log in as myself but will return success when I'm the root) <BR /><BR />Please let me know if you need any additional information. thanks!</VALID> Mon, 21 Apr 2003 18:18:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955738#M752665 mango_1 2003-04-21T18:18:30Z https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955739#M752666 i encounter the error "No account present for user" even if the user is valid. <BR /><BR />thanks again! :) Mon, 21 Apr 2003 19:17:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955739#M752666 mango_1 2003-04-21T19:17:41Z https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955740#M752667 hi all! i think the problem is that i need the root priveledges for my application to be able to access the tcb files. (my application is somewhat like the login service existing. it just accepts user name and password) i tried to chmod (u+s) the executable but it still failed. do you guys have any idea how I could do this?<BR /><BR />thanks so much! Mon, 21 Apr 2003 20:46:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955740#M752667 mango_1 2003-04-21T20:46:35Z https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955741#M752668 I am still kinda fuzzy on what the application explicitly does. But any time we have an app that has to run as root, but run by certain users, we use sudo. Sudo is free and available, I believe from HP's software site or the porting center.<BR /><BR />How sudo works is the root user will specify, in config files, what users can issue which commands. So in effect the user(s) would have a list of commands, that you set up for them, to execute, and the command runs as root. It is very slick and if you follow the examples etc, it is very safe.<BR /><BR /><BR />Try this link to download sudo :<BR /><BR /><A href="http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/" target="_blank">http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/</A><BR /><BR />and do a little searching on the ITRC forums about it.<BR /><BR />Good luck<BR /> Mon, 21 Apr 2003 20:53:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955741#M752668 John Dvorchak 2003-04-21T20:53:49Z https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955742#M752669 thanks for the replies! but i was wondering if there was a way that wouldn't use another software like sudo. couldn't I just issue the setuid command? if I want to use the root command, Can't I just use the setuid(0) in my application? sorry for the trouble. Mon, 21 Apr 2003 21:10:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955742#M752669 mango_1 2003-04-21T21:10:45Z https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955743#M752670 Melissa, you said you did 'chmod u+s' on the binary but didn't specify who owns the binary.<BR /><BR />The binary must be owned by root before you do the chmod on it. If not, you will see the type of problem you describe.<BR /> <BR />Try<BR />chown root:sys mylogin<BR />chmod 4755 mylogin<BR /><BR />That will give you the privileges you need to access the protected password files under /tcb.<BR /><BR /> Tue, 22 Apr 2003 18:19:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/question-about-pam-on-hpux11/m-p/2955743#M752670 doug hosking 2003-04-22T18:19:26Z