Discussion forum about ELOG
PAM authentication question, posted by David Wallis on Tue Nov 5 21:42:50 2019
    Re: PAM authentication question, posted by Jan Christoph Terasa on Sun Nov 17 14:55:11 2019
       Re: PAM authentication question, posted by David Wallis on Thu Nov 21 18:10:28 2019
          Re: PAM authentication question, posted by Jan Christoph Terasa on Thu Dec 19 17:46:33 2019
          Re: PAM authentication question, posted by Laurent Jean-Rigaud on Fri Jan 24 17:33:14 2020
             Re: PAM authentication question, posted by Jan Christoph Terasa on Fri Jan 24 18:13:03 2020
                Re: PAM authentication question, posted by Laurent Jean-Rigaud on Fri Jan 24 18:22:52 2020
                   Re: PAM authentication question, posted by Laurent Jean-Rigaud on Fri Jan 31 15:39:17 2020
Message ID: 69055     Entry time: Tue Nov 5 21:42:50 2019     Reply to this: 69059
Icon: Question  Author: David Wallis  Author Email: wallis@aps.anl.gov 
Category: Question  OS: Linux  ELOG Version: V3.1.4-ba84827 
Subject: PAM authentication question 

I'm testing the PAM authentication feature, and have a couple questions, a suggestion, and a comment.

First the comment... it was pretty easy to get working, and is exactly what we need here, so thanks! Our PAM stack here is designed to allow logins with Active Directory, LDAP, or local accounts, so the PAM option preserves all of that.

The suggestion: In order to make it work, I had to add a symbolic link in /etc/pam.d:
    elogd -> system-auth
That might be considered for addition to the documentation (this was on Red Hat Enterprise Linux 7.7).

The questions:

  1. The docs indicate that "Self register" must be set to >= 1, but in the code (elogd.c, line 26453), if the PAM module is enabled, Self register is overridden to 0. The result is that no "register as new user" link is displayed on the login screen. Is that the intent?
  2. Related... can PAM and File authentication both be enabled? We have some logbooks that are used by both internal people (with an A/D account) and outside collaborators that get local elog accounts. This works with LDAP + File, can it work with PAM?

Thanks in advance!
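
The symlink in the post matters because Linux-PAM selects its configuration by service name and, when no file of that name exists, falls back to the `other` service, which is commonly configured to deny. As an added example (not part of the original post or of ELOG's code), this shell script reports which file a service name resolves to and lists the modules in its auth stack; the service name `elogd` is assumed from the symlink name in the post, and only a single pam.d directory is checked.

```shell
#!/bin/sh
# Added example: show which PAM configuration a service name resolves to.
# Assumptions: the service name is "elogd" (taken from the symlink name in
# the post) and the configuration lives in one directory, /etc/pam.d.

# Print how <service> is configured in <dir>:
#   symlink:<target>   symlink with an existing target (elogd -> system-auth)
#   dangling:<target>  symlink whose target is missing; PAM cannot open it
#   file:<service>     regular service file
#   fallback:other     no service file, so the "other" stack applies
#   missing            neither the service file nor "other" exists
pam_service_source() {
    service=$1
    dir=${2:-/etc/pam.d}
    path="$dir/$service"

    if [ -L "$path" ]; then
        if [ -e "$path" ]; then
            printf 'symlink:%s\n' "$(readlink "$path")"
        else
            printf 'dangling:%s\n' "$(readlink "$path")"
        fi
    elif [ -f "$path" ]; then
        printf 'file:%s\n' "$service"
    elif [ -f "$dir/other" ]; then
        printf 'fallback:other\n'
    else
        printf 'missing\n'
    fi
}

# Print the third field of every "auth" line in a PAM config file: the
# module name, or the included service for "include"/"substack" lines.
# Comments are stripped and a bracketed control such as
# [success=1 default=ignore] is collapsed to one token first.
pam_auth_modules() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]/CTRL/' "$1" |
        awk '$1 == "auth" || $1 == "-auth" { print $3 }'
}

# Stand-alone use: ./check.sh elogd [/etc/pam.d]
if [ "$#" -gt 0 ]; then
    pam_service_source "$@"
    pam_auth_modules "${2:-/etc/pam.d}/$1" 2>/dev/null
fi
```

A result of `fallback:other` before the symlink is created and `symlink:system-auth` afterwards corresponds to the change described in the post.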
