PAM Authentication Misconfigured
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
radicale (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
When radicale (v7.1) is set to use PAM, authentication always fails with the following messages:
`/var/log/auth.log`
2012-
2012-
2012-
2012-
2012-
2012-
`/var/log/
2012-10-22 14:01:27,481 - DEBUG: Sanitized path: /justin/calendar/
2012-10-22 14:01:27,481 - DEBUG: Request content:
<?xml version="1.0" encoding="UTF-8"?>
<D:propfind xmlns:D="DAV:" xmlns:CS="http://
2012-10-22 14:01:27,482 - INFO: Checking rights for collection owned by justin
2012-10-22 14:01:27,482 - DEBUG: User justin found
2012-10-22 14:01:27,483 - DEBUG: The PAM user belongs to the required group (radicale)
2012-10-22 14:01:31,747 - DEBUG: Wrong PAM password
2012-10-22 14:01:31,748 - INFO: justin refused
2012-10-22 14:01:31,748 - DEBUG: Answer status: 401 Unauthorized
`/etc/radicale/
[...]
auth=PAM
private_
pam_
[...]
`/etc/group`
radicale:
`/etc/pam.
auth [success=4 default=ignore] pam_unix.so nullok_secure
auth [success=3 default=ignore] pam_sss.so use_first_pass
auth [success=2 default=ignore] pam_ccreds.so minimum_uid=1000 action=validate use_first_pass
auth [default=ignore] pam_ccreds.so minimum_uid=1000 action=update
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_ccreds.so minimum_uid=1000 action=store
`/etc/pam.d/login`
auth optional pam_faildelay.so delay=3000000
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
auth requisite pam_nologin.so
session [success=ok ignore=ignore module_
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=
@include common-auth
auth optional pam_group.so
session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard
@include common-account
@include common-session
@include common-password
session [success=ok ignore=ignore module_
When using ipython as root, the commands `import pam`; `pam.authentica
no longer affects: | pam |
Status changed to 'Confirmed' because the bug affects multiple users.