Article delegate-en/3053 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: how to authenticate admins by other means than identd or ftp ?
12 Aug 2005 11:01:15 GMT Armin Wies <p44fqbdyi-rcwevegyz7tr.ml@ml.delegate.org>
http://freemail.web.de/



Hi Yutaka,

feedback@delegate.org wrote on 11.08.05 13:40:28:

> "/-/admin" was tentatively implemented in 1995 in DeleGate/2.6.0, when
> there were not SSL, PAM, Digest Authentication, and ...
> After 10 years of leaving, now I'm reviewing and extending the remote
> administration.  It will be released as DeleGate/9.0.5 soon.

Great, I'm looking forward to the next release :-)


> Wait DeleGate/9.0.4 for a while.
> The enclosed patch is a small subset of it with which you can use it
> as this, when admin. user is to be authenticated as "dgadmin" with PAM:  
> 
>   MOUNT="/-/admin/* = AUTHORIZER=-pam" AUTH="admin:*:dgadmin"

I included the patch, but somehow -pam does not work for me:

08/12 12:47:12.35 [5231] 1+3: IGNORE request: Keep-Alive: 300^M
08/12 12:47:12.35 [5231] 1+3: Proxy: host=localhost; User-Agent: Mozilla/5..0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050805 Firefox/1.0.6; DIRECT
08/12 12:47:12.35 [5231] 1+3: HCKA:[0] keep-alive; host=localhost; (User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050805 Firefox/1.0.6)
08/12 12:47:12.35 [5231] 1+3: REQUEST - GET /-/admin/reauth HTTP/1.1^M
08/12 12:47:12.35 [5231] 1+3: REQUEST +M /-/admin/reauth HTTP/1.1^M
08/12 12:47:12.35 [5231] 1+3: [0.00,-1][AUTH cache-NONE] /var/spool/delegate-nobody/adm/authorizer/passwd.-.pam/1a109d2d88542b556d78fa819962960b-cache
08/12 12:47:12.54 [5231] 1+3: ## dgpam -a passwd dgadmin = HTTP/1.0 401^M
08/12 12:47:12.54 [5231] 1+3: ## Auth/PAM = -1 <dgadmin:****@-passwd.-.pam>
08/12 12:47:12.54 [5231] 1+3: AUTHORIZER=-pam host=[-pam] user=[dgadmin] -> NO
08/12 12:47:12.54 [5231] 1+3/1: HCKA:[1] closed -- a:authentication failure
08/12 12:47:12.58 [5231] 1+3/1: disconnected [39] -@[127.0.0.1]localhost:50478 (0.241s)(0)
08/12 12:47:42.58 [5231] 1+3: StickyServer done [acceptFailed] 3 req / 3 conn / 40 sec

I ran the server like this:
/usr/local/sbin/delegated -P8080 SERVER=http STLS=-fcl MOUNT="/-/admin/* = AUTHORIZER=-pam" AUTH="admin:*:dgadmin"

The user dgadmin exists (has even /bin/bash as shell), but somehow I'm not able to authenticate against PAM.
I thought it might be related to the fact that my /etc/pam.d/passwd just contained includes to "system-auth", so I copied "system-auth" to passwd. But this didn't help either....
I'm running Gentoo-linux with pam-0.78-r2....

It seems that my dgpam always returns a 401.

What can I do to debug this?

Best regards,
Armin

-- 
Armin Wies 
armin.wies@web.de 
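
Added example, not part of the original message and not DeleGate code: a log triage script that joins each AUTHORIZER decision in a log like the one quoted above with the request path, the dgpam reply and the client address from the same session. The line layout is inferred only from the lines in this post, and the names auth_events and failed_logins are hypothetical.

```python
import re
from collections import Counter

# Log lines copied from the post above (trailing "^M" dropped).
SAMPLE = """\
08/12 12:47:12.35 [5231] 1+3: REQUEST - GET /-/admin/reauth HTTP/1.1
08/12 12:47:12.54 [5231] 1+3: ## dgpam -a passwd dgadmin = HTTP/1.0 401
08/12 12:47:12.54 [5231] 1+3: ## Auth/PAM = -1 <dgadmin:****@-passwd.-.pam>
08/12 12:47:12.54 [5231] 1+3: AUTHORIZER=-pam host=[-pam] user=[dgadmin] -> NO
08/12 12:47:12.58 [5231] 1+3/1: disconnected [39] -@[127.0.0.1]localhost:50478 (0.241s)(0)
"""

# Field layout inferred from the quoted lines only (an assumption).
PREFIX = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d\.\d+) \[(\d+)\] (\d+\+\d+)(?:/\d+)?: (.*)$")
REQUEST = re.compile(r"^REQUEST - (\S+) (\S+)")
DGPAM = re.compile(r"^## dgpam -a (\S+) (\S+) = (.*)$")
DECISION = re.compile(r"^AUTHORIZER=(\S+) host=\[[^\]]*\] user=\[([^\]]*)\] -> (\S+)")
PEER = re.compile(r"^disconnected \[\d+\] \S*@\[([^\]]+)\]")

def auth_events(text):
    """Return one dict per AUTHORIZER decision, enriched with what the
    same [pid] session logged before it (path, dgpam) and after it (client)."""
    ctx, last, events = {}, {}, []
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("^M"):          # CR rendered as a literal "^M"
            line = line[:-2]
        m = PREFIX.match(line)
        if not m:
            continue
        ts, pid, sess, msg = m.groups()
        key = (pid, sess)
        seen = ctx.setdefault(key, {})
        if r := REQUEST.match(msg):
            seen["path"] = r.group(2)
        elif d := DGPAM.match(msg):
            seen["pam_service"], seen["pam_reply"] = d.group(1), d.group(3)
        elif a := DECISION.match(msg):
            last[key] = dict(seen, time=ts, authorizer=a.group(1),
                             user=a.group(2), result=a.group(3))
            events.append(last[key])
        elif (p := PEER.match(msg)) and key in last:
            last[key]["client"] = p.group(1)
    return events

def failed_logins(events):
    """Count decisions whose result is "NO", keyed by (client, user)."""
    return Counter((e.get("client", "?"), e["user"]) for e in events if e["result"] == "NO")
```
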