PAM how, exactly?

Hi all,

How exactly does one enable PAM authentication? The javadocs (http://www.jivesoftware.org/builds/wildfire/docs/latest/documentation/javadoc/index.html) indicate that one places this block in the wildfire.xml file. (I assume replacing the default provider/LDAP block?)

However, from there it gets a bit murky. Where does one configure the nativeAuth.domain property, and with what syntax? The paragraph in the docs suggests that the name should match the /etc/pam.d/filename, but the linked Shaj documents say the file should be /etc/pam.d/shaj.

Thank you,

Andrew

Hi Andrew,

I have a working PAM config. I also had to deal with the same issues…

The shaj docs say that you have to set up the /etc/pam.d/shaj file (as if shaj was a service, meaning it is expecting that you manually set the domain property to shaj, which is just an example). It also says that if you don’t set the domain property it will default to other (that’s /etc/pam.d/other). So, what I did was the following:

  • Create /etc/pam.d/wildfire with the required PAM settings
  • Set the providers as you did
  • Set the nativeAuth.domain property to wildfire

Hope it helps and please let me know if you have any problem. Regards,

Thank you, Peralta. How is the nativeAuth.domain property defined in the file? Do you just drop it in after the provider block?

I feel like this should be obvious, but this combination of XML and java methods is really throwing me for a loop.

Thanks!

Good luck!

Ah ha!

Thank you! The way the docs are worded, I’d interpreted “domain” as a variable to be substituted with the filename, not as an element of the property.

Hi folks!

I am also trying to integrate PAM, but it’s not working. I must have missed a step somewhere, but where…

Here’s what I’ve done:

  1. Added the following to the wildfire.xml file

  2. copied shaj-0.5.jar to the wildfire/lib directory

  3. copied libshaj.so to the /usr/local/lib

  4. restarted wildfire

No errors, warnings, or anything. When I try to log a user onto the wildfire server, it reports not authorized.

I am able to logon to the admin page using my admin user/password (as well as my test user which is not a linux user), so it appears to not be integrated to PAM.

I am using wildfire 2.5.0 and it is connected to a postgresql backend.

The info.log says the following:

2006.05.08 23:17:29 Multi User Chat domain: conference.c126215
2006.05.08 23:17:29 Started server (unencrypted) socket on port: 5269
2006.05.08 23:17:29 Started plain (unencrypted) socket on port: 5222
2006.05.08 23:17:33 Started SSL (encrypted) socket on port: 5223
2006.05.08 23:17:33 Wildfire 2.5.0
2006.05.08 23:17:43 Admin console listening at:
http://c126215:9090
https://c126215:9091

Thanks.

Never mind, apparently case matters. classname is NOT the same as className. =)

Message was edited by: karvinm
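
An added example (not part of any post in this thread, and not Wildfire or Shaj code): a Python check for the misconfigurations discussed above, namely a mis-cased className element, a nativeAuth.domain property that is not written as nested elements, and a missing /etc/pam.d service file. The sample wildfire.xml is constructed, the provider class name in it is a placeholder, and the function names are hypothetical.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: placeholder class name, <classname> deliberately mis-cased.
SAMPLE_XML = """<jive>
  <provider>
    <auth><classname>PLACEHOLDER.AuthProvider</classname></auth>
  </provider>
  <nativeAuth><domain>wildfire</domain></nativeAuth>
</jive>"""

def get_property(root, dotted):
    """Resolve 'a.b.c' as nested elements <a><b><c>, case-sensitively."""
    node = root
    for part in dotted.split("."):
        node = node.find(part)
        if node is None:
            return None
    return (node.text or "").strip() or None

def case_mismatches(root, dotted):
    """Element names equal to a path component only when case is ignored."""
    wanted = {p.lower(): p for p in dotted.split(".")}
    return sorted({el.tag for el in root.iter()
                   if wanted.get(el.tag.lower(), el.tag) != el.tag})

def check(xml_text, pam_dir="/etc/pam.d"):
    root = ET.fromstring(xml_text)
    findings = [f"<{tag}> is mis-cased; element names are case-sensitive"
                for tag in case_mismatches(root, "provider.auth.className")]
    if get_property(root, "provider.auth.className") is None:
        findings.append("provider.auth.className is not set")
    # Per the thread, an unset domain falls back to the 'other' service.
    service = get_property(root, "nativeAuth.domain") or "other"
    path = os.path.join(pam_dir, service)
    if not os.path.isfile(path):
        findings.append(f"PAM service file {path} is missing")
    else:
        with open(path) as fh:
            kinds = {ln.split()[0].lstrip("-") for ln in fh
                     if ln.strip() and not ln.lstrip().startswith("#")}
        # '@include' (Debian/Ubuntu) may pull auth rules in from another file.
        if not kinds & {"auth", "@include"}:
            findings.append(f"{path} has no auth rule")
    return service, findings

if __name__ == "__main__":
    print(check(SAMPLE_XML))  # checks against this machine's /etc/pam.d
```
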

hey guys, i’m new. i’d like to get PAM authentication working. i added everything into the wildfire.xml that karvinm did, and copied the shaj files. now, i’m not entirely sure how to configure the pam.d file. in my /etc/pam.d/wildfire file, i have

auth required pam_unix.so

i’d like PAM to authenticate against the local password database. when i try to login to spark with an account on the Linux box, i get an invalid name/password.

i’m using ubuntu 6.06, freshly installed with samba (which is working), and wildfire.

i’m new to PAM, so i might have done something totally wrong, but i would appreciate it if you would help me out. thanks!

edit: should probably say that i want to be able to create a UNIX account using useradd or something, and then instantly be able to log into wildfire (using spark as a client) with that username/password combo. i’d also like the reverse to work, registering from spark and it making a unix account.

–SneakerElph

Message was edited by: SneakerElph

If you want to use the server’s local password file, you can probably specify whichever pam file is used for system logins – /etc/pam.d/sshd or /etc/pam.d/system-auth.

hmm… can’t seem to get it working. i think i’m configuring PAM wrong, since Wildfire gives me a bad password when i use PAM, but when i use its internal password thing i can login. i’ve tried linking to common-auth, ssh, samba, among others, and also configuring /etc/pam.d/wildfire with

auth required pam_unix_acct.so

and

auth required pam_unix_auth.so

any ideas? can someone post a working PAM config? can someone tell me how to authenticate against samba maybe? samba actually might be better than the actual system accounts.

i really hate to do this, but i need to get this working…

bump.

I am having this problem on an install trying to configure wildfire through PAM to use unix logins. The code all seems to be loading and running fine, but I get the pam_start, pam_authenticate authentication failed and pam_end messages in the debug log. I installed from RPM and from source onto a fresh build of CentOS4 but I could not get anything to login from the admin console or XMPP. Not sure if it is rejecting my credentials or if it means there is an error.

Any ideas?