
question about pam on hpux11

 
SOLVED
mango_1
Frequent Advisor

question about pam on hpux11

Hello! I'm having problems using the PAM application I made, which simply authenticates the user. I was wondering how come if I log in as root I don't have a problem using the application. I'm currently using hpux11 which uses tcb. Any help is much appreciated. Thanks!
John Dvorchak
Honored Contributor

Re: question about pam on hpux11

Like a wise man told me once, "if it feels like a permissions problem, it probably is". I don't know a thing about your PAM application but permissions is always a good place to start.
If it has wheels or a skirt, you can't afford it.
mango_1
Frequent Advisor

Re: question about pam on hpux11

Thanks for the advice. I've also looked into that possibility, but couldn't figure out where it had permission problems. I used truss to trace the application and I think the difference is in accessing the /tcb/files/auth/... It's issuing an error 13 while as root it's issuing error 2. Is there a way to solve this?

thanks!
Keith Buck
Respected Contributor

Re: question about pam on hpux11

Sounds like your application works if run as root, but not if it runs as another user? If I understood your question correctly, then this is expected behavior in trusted mode.

There are two reasons for this, from different perspectives.

1. One of the main features of trusted mode is the ability to hide the encrypted password from non-root users. Hence, non-root users can't try to authenticate, or they could attempt password guessing schemes.

2. It doesn't really do much good to authenticate a user if you can't switch to that user. Only root can do that anyway.

Hope that helps. If not, maybe you could clarify what you're trying to do in the application?
mango_1
Frequent Advisor

Re: question about pam on hpux11

Thanks for the help. Really appreciate it! Let me explain further. The application runs when I run it as myself or as root. The problem is when I use my application. My application actually tries to authenticate the user provided.

(e.g. mylogin is the name of my application and when I run it as: mylogin . It will fail when I log in as myself but will return success when I'm the root)

Please let me know if you need any additional information. thanks!
mango_1
Frequent Advisor

Re: question about pam on hpux11

I encounter the error "No account present for user" even if the user is valid.

thanks again! :)
mango_1
Frequent Advisor

Re: question about pam on hpux11

Hi all! I think the problem is that I need the root privileges for my application to be able to access the tcb files. (My application is somewhat like the existing login service. It just accepts user name and password.) I tried to chmod (u+s) the executable but it still failed. Do you guys have any idea how I could do this?

thanks so much!
John Dvorchak
Honored Contributor

Re: question about pam on hpux11

I am still kinda fuzzy on what the application explicitly does. But any time we have an app that has to run as root, but run by certain users, we use sudo. Sudo is free and available, I believe from HP's software site or the porting center.

How sudo works is the root user will specify, in config files, what users can issue which commands. So in effect the user(s) would have a list of commands, that you set up for them, to execute, and the command runs as root. It is very slick and if you follow the examples etc, it is very safe.


Try this link to download sudo:

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/

and do a little searching on the ITRC forums about it.

Good luck
If it has wheels or a skirt, you can't afford it.
mango_1
Frequent Advisor

Re: question about pam on hpux11

Thanks for the replies! But I was wondering if there was a way that wouldn't use another software like sudo. Couldn't I just issue the setuid command? If I want to use the root command, can't I just use the setuid(0) in my application? Sorry for the trouble.
doug hosking
Esteemed Contributor
Solution

Re: question about pam on hpux11

Melissa, you said you did 'chmod u+s' on the binary but didn't specify who owns the binary.

The binary must be owned by root before you do the chmod on it. If not, you will see the type of problem you describe.

Try
chown root:sys mylogin
chmod 4755 mylogin

That will give you the privileges you need to access the protected password files under /tcb.
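
Added example, not part of the original thread or the poster's application: a small C check that classifies a binary by its owner and setuid bit, matching the diagnosis in the accepted answer (a setuid bit on a binary that root does not own only switches the effective uid to that non-root owner). The names `classify_suid` and `describe_suid` are hypothetical, and uid 0 is assumed to be root.

```c
/* Added example, not from the thread: check a binary's owner and setuid bit. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

enum suid_state {
    SUID_MISSING,     /* no usable setuid bit: runs with the caller's uid */
    SUID_NOT_ROOT,    /* setuid, but the effective uid becomes a non-root owner */
    SUID_ROOT_UNSAFE, /* setuid root, yet group or others may rewrite the file */
    SUID_ROOT_OK      /* setuid root, writable by the owner only */
};

/* Classify a file from the st_mode and st_uid fields filled in by stat(2). */
enum suid_state classify_suid(mode_t mode, uid_t owner)
{
    if (!S_ISREG(mode) || !(mode & S_ISUID) || !(mode & S_IXUSR))
        return SUID_MISSING;
    if (owner != 0)               /* assumption: uid 0 is root */
        return SUID_NOT_ROOT;
    if (mode & (S_IWGRP | S_IWOTH))
        return SUID_ROOT_UNSAFE;
    return SUID_ROOT_OK;
}

const char *describe_suid(enum suid_state s)
{
    switch (s) {
    case SUID_MISSING:     return "no setuid bit in effect";
    case SUID_NOT_ROOT:    return "setuid to a non-root owner (chown root first)";
    case SUID_ROOT_UNSAFE: return "setuid root but group/other writable";
    default:               return "setuid root, owner-writable only";
    }
}

int main(int argc, char **argv)
{
    struct stat st;
    if (argc != 2 || stat(argv[1], &st) != 0) {
        fprintf(stderr, "usage: %s <path-to-binary>\n", argv[0]);
        return 2;
    }
    enum suid_state s = classify_suid(st.st_mode, st.st_uid);
    printf("%s: mode %04o, owner uid %ld: %s\n", argv[1],
           (unsigned)(st.st_mode & 07777), (long)st.st_uid, describe_suid(s));
    printf("caller: real uid %ld, effective uid %ld\n",
           (long)getuid(), (long)geteuid());
    return s == SUID_ROOT_OK ? 0 : 1;
}
```

On many systems chown clears the setuid bit on a regular file, which is one more reason to run the two commands in the order given in the answer: chown first, then chmod.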