Hi Doug!
On Tue, Mar 05, 2013 at 12:32:16PM +0800, Doug wrote:
I was wondering if someone could shed some light on how to use PAM with ngircd?
I've set PAM = yes, and PAMIsOptional = no, but I'm kind of fuzzy on how this is supposed to work.
The client connects with a nick and username, (in this case my username for both, douglasl).
But you/your client/"it" has to send a password using the PASS command, too :-)
The server rejects the connection, and logs:
[18632:6 5] Accepted connection 7 from 127.0.0.1:59814 on socket 6. [18906:3 5] PAM: Error on "douglasl" (douglasl!~douglasl@localhost): Authentication failure [18632:3 5] User "douglasl!~douglasl@localhost" rejected (connection 7): Bad password! [18632:6 5] Shutting down connection 7 (Bad password) with localhost:59814 ... [18632:5 5] Client "douglasl" unregistered (connection 7): Bad password [18632:6 5] Connection 7 with localhost:59814 closed (in: 0.1k, out: 0.0k).
Because you provided no password at all, if I understand you correctly?
Riiight. I'm pretty sure I've got pam working, because I can use pamtester well enough:
~/ngircd/pamtester-0.1.2/src# ./pamtester login douglasl authenticate Password: pamtester: successfully authenticated
I don't know "pamtester", but PAM requires a "service name", and if I understand it correctly, you are using "login" as service name in your example above; but ngIRCd uses – guess what? – "ngircd" :-)
So most probably you have to check your PAM setup for ngIRCd using something like this:
$ pamtester ngircd douglasl authenticate
So, the question is, how the irc client supposed to be supplying the password for the user?
It has to send a valid PASS command, _before_ it sends NICK and USER. For example (raw IRC commands):
PASS :password NICK :nickname USER login . . :Real Name
The raw commands to the server after connect are PASS / NICK / USER, which sound like they should be all I need.
Right.
Regards Alex