HPE Community
Operating System - HP-UX
1753797 Members
7596 Online
108799 Solutions
New Discussion юеВ

Re: troubles with /etc/pam.conf

 
SOLVED
Go to solution
David_246
Trusted Contributor

тАО03-07-2003 04:58 AM

тАО03-07-2003 04:58 AM

troubles with /etc/pam.conf

Hi,

I have quiet some difficulties with PAM.
We installed eTrust on our system which automaticly updated the /etc/pam.conf-file :

#
# eTrust integrate auth and account
#
login auth optional /usr/lib/security/pam_seos.sl
login account optional /usr/lib/security/pam_seos.sl

But when starting SAM --> Auditing and security --> Authenticated Commands --> Account/Password/Session/User Management

I get the error that "At least one entry in the pam.conf file is invalid". Looking at the manuals there is not an invalid entry.

When deleting the lines and trying to add a "Add Custom Application" from the Authenticated Commands menu manualy. It let me add the following :

Label --> eTrust
Command --> /usr/lib/security/pam_seos.sl
Supports --> Graphical and Terminal

Once I select the "Custom eTrust", it gives me a :
/usr/bin/sh: /usr/lib/security/pam_seos.sl: Execute permission denied.

The file, directory, everything is executable. Performing the command from the command line will not allow me to execute the command even though the filepermissions are :
-r-xr-xr-x 1 root sys 741328 Nov 13 19:12 pam_seos.sl

And for the directory :
dr-xr-xr-x 2 root bin 1024 Nov 13 19:12 /usr/lib/security/

Running a tusc (or truss) of the command does not show me anything interesting. Anyway the output is added as an attachment.

I realy hope for any help.


Regs David
@yourservice
0 Kudos
Reply
7 REPLIES 7
David_246
Trusted Contributor

тАО03-07-2003 05:05 AM

тАО03-07-2003 05:05 AM

Re: troubles with /etc/pam.conf

 
@yourservice
0 Kudos
Reply
Michael Steele_2
Honored Contributor

тАО03-08-2003 12:54 PM

тАО03-08-2003 12:54 PM

Re: troubles with /etc/pam.conf

Three thoughts come to mind:

1) SAM patches
2) chmod -R 777 file
3) usermod, useradd, userdel commands instead of SAM.

Regarding 1) Check for the latest SAM patches.

Regarding 2) Verify the integrity of your O/S with:
check_patches
-or-
swverify -x check_permissions=true \*
(* Read swverify.log and swagent.log *)

Regarding 3) Try modifying a user's account this way:

-usermod -g group account (* Change group *)

-usermod -s /usr/bin/ksh account (* Change shell *)

-/usr/sam/lbin/usermod.sam -F -p "" account (* will null password using SAM's usermod utility. *)

Finally, you can always swremove the eTrust application. (* I hope *)
Support Fatherhood - Stop Family Law
0 Kudos
Reply
David_246
Trusted Contributor

тАО03-10-2003 08:47 AM

тАО03-10-2003 08:47 AM

Re: troubles with /etc/pam.conf

Hi,

I am afraid this is not where I am looking for. I am looking for a solution for the pam.conf, not for creating users. eTrust also creates users without a problem. It's just that SAM doesn't work when creating an optinial Module for Authentication.
The patches are ok, thanks.

Regs David
@yourservice
0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО03-10-2003 12:54 PM

тАО03-10-2003 12:54 PM

Re: troubles with /etc/pam.conf

Hi David,

You wouldn't need to add a "custom program" to SAM... it wouldn't work this way...

I think you may want to look to the /var/sam/ts/pam_mod.reg file. This file is the key to the initial error you recieved.. "At least one entry in the pam.conf file is invalid"

Does e-Trust add an entry in this file?

I'm looking for more info to help you out on this one.

-denver
0 Kudos
Reply
David_246
Trusted Contributor

тАО03-11-2003 03:43 AM

тАО03-11-2003 03:43 AM

Re: troubles with /etc/pam.conf

Hi Denver,

The file : /usr/lib/security/pam_seos.sl is not in the /var/sam/ts/pam_mod.reg.

There are several entries in there, but none is added (by eTrust).

Thanks for spending time on this problem !!


Regs David
@yourservice
0 Kudos
Reply
Denver Osborn
Honored Contributor

тАО03-11-2003 04:00 PM

тАО03-11-2003 04:00 PM

Solution

Re: troubles with /etc/pam.conf

Hi David,

I think you can resolve your problem by registering the module w/ sam.

# cd /var/sam/ts
# cp pam_mod.reg pam_mod.reg.orig
# vi pam_mod.reg

->append a similar entry:

/usr/lib/security/pam_seos.sl auth HP eTrust Configuration
/usr/lib/security/pam_seos.sl account HP eTrust Configuration

Now when you enter sam -> auditing & security -> auth cmds... it shouldn't complain about an invalid entry in the /etc/pam.conf file.

When you enter acct management or user auth, the "login" should now have "eTrust" listed as a second optional module.

Hope this helps,
-denver
Reply
David_246
Trusted Contributor

тАО03-11-2003 10:27 PM

тАО03-11-2003 10:27 PM

Re: troubles with /etc/pam.conf

Hi Denver,

You are the best !!!
Someone else asked me to use the following line in the pam_mod.reg, but still didn't work :
/usr/lib/security/pam_seos.sl auth SEOS Used By SEOS
/usr/lib/security/pam_seos.sl account SEOS Used By SEOS

Now it works !! without any problems. Thanks a lot for your help!!

Regs David
@yourservice
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.