Help with PAM in 3.4.4

Nathan_Sweet · January 25, 2008, 7:16pm

I have been running Openfire 3.3.2 for some time using PAM authentication without any issues. I just tried to upgrade to 3.4.4 and, suddenly, none of my users (including me) can authenticate via Spark, AdiumX, iChat, or the admin console. Does anyone have any ideas on this?

Here’s the error I get in warn.log:

2008.01.25 10:20:14 SaslException
javax.security.sasl.SaslException: PLAIN authentication failed Caused by javax.security.sasl.SaslException: PLAIN: user not authorized: nsweet
at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerPlainImpl.java:144)
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:229)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:152)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:132)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:570)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:58)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:173)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:239)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:283)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
at java.lang.Thread.run(Thread.java:595)
Caused by: javax.security.sasl.SaslException: PLAIN: user not authorized: nsweet
at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerPlainImpl.java:127)
... 17 more

When I turn on debugging, I can see that PAM is failing to authenticate, but I have no idea why:

2008.01.25 10:20:22 XMPPCallbackHandler: NameCallback: nsweet
2008.01.25 10:20:22 XMPPCallbackHandler: VerifyPasswordCallback
2008.01.25 10:20:22 NativeAuthProvider: pam_start ("openfire", "nsweet", ...) ==> 0 (Success)
2008.01.25 10:20:22 NativeAuthProvider:   PAM ECHO_OFF("(masked)") ==> password
2008.01.25 10:20:23 NativeAuthProvider:  pam_authenticate (...) ==> 7 (Authentication failure)
2008.01.25 10:20:23 NativeAuthProvider: pam_end (...) ==> 0 (Success)

Nathan_Sweet · January 28, 2008, 5:33pm

Bump.

This is pretty much a show stopper for me. We’re attracted to some of the features in the enterprise version, but if I can’t get this resolved, then the enterprise version won’t even be an option for us.

Thanks in advance.