Re: Pam for encrypt password
This is a discussion on Re: Pam for encrypt password within the Informix forums, part of the Database Server Software category; --> Hi, quick thought: not sure that this can be the problem cause?: in your sqlhosts file, there seems to ...
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-20-2008, 04:29 PM
| ||||
| ||||
 Re: Pam for encrypt password Hi, quick thought: not sure that this can be the problem cause?: in your sqlhosts file, there seems to be a space character between "...(other)" and ",pamauth...". Please check this. No spaces, no line feeds, etc. in this place. Regards, Martin -- Martin Fuerderer IBM Informix Development Munich, Germany Information Management IBM Deutschland GmbH Chairman of the Supervisory Board: Hans Ulrich Märki Board of Management: Martin Jetter (Chairman), Rudolf Bauer, Christian Diedrich, Christoph Grandpierre, Matthias Hartmann, Thomas Fell, Michael Diemer Corporate Seat: Stuttgart, Germany; Reg.-Gericht: Amtsgericht Stuttgart, HRB-Nr.: 14 562 WEEE-Reg.-Nr. DE 99369940 informix-list-bounces@iiug.org wrote on 31.10.2007 09:43:13: > Hello, all. > > I have problem with PAM (Pluggable Authentication Module). > I have IBM Informix Dynamic Server Version 9.40.UC8 on Solaris 9. > I can't to adapt Informix for users authorization by PAM. > In the past he used the traditional UNIX encryption algorithm for > encrypting passwords for /etc/shadow. But encryption algorithm was > changed one month ago on Blowfish. > Now we have situation: > > In sqlhosts we have > Ids_serv ontlitcp mach sqlexec1 > s=4,pam_serv=(other) ,pamauth=(password) > > All users with password which was encrypted by traditional UNIX > encryption algorithm authorize successfully. But all users with > password which was encrypted by Blowfish get error -1812. > > How I can adapt Informix for users authorization by PAM with Blowfish. > > PAM.CONF > login auth requisite pam_authtok_get.so.1 > login auth required pam_dhkeys.so.1 > login auth required pam_unix_auth.so.1 > login auth required pam_dial_auth.so.1 > # > # rlogin service (explicit because of pam_rhost_auth) > # > rlogin auth sufficient pam_rhosts_auth.so.1 > rlogin auth requisite pam_authtok_get.so.1 > rlogin auth required pam_dhkeys.so.1 > rlogin auth required pam_unix_auth.so.1 > # > # rsh service (explicit because of pam_rhost_auth, > # and pam_unix_auth for meaningful pam_setcred) > # > rsh auth sufficient pam_rhosts_auth.so.1 > rsh auth required pam_unix_auth.so.1 > # > # PPP service (explicit because of pam_dial_auth) > # > ppp auth requisite pam_authtok_get.so.1 > ppp auth required pam_dhkeys.so.1 > ppp auth required pam_unix_auth.so.1 > ppp auth required pam_dial_auth.so.1 > # > # Default definitions for Authentication management > # Used when service name is not explicitly mentioned for > authenctication > # > other auth requisite pam_authtok_get.so.1 > other auth required pam_dhkeys.so.1 > other auth required pam_unix_auth.so.1 > # > # passwd command (explicit because of a different authentication > module) > # > passwd auth required pam_passwd_auth.so.1 > # > # cron service (explicit because of non-usage of pam_roles.so.1) > # > cron account required pam_projects.so.1 > cron account required pam_unix_account.so.1 > ## Default definition for Account management > # Used when service name is not explicitly mentioned for account > management > # > other account requisite pam_roles.so.1 > other account required pam_projects.so.1 > other account required pam_unix_account.so.1 > # > # Default definition for Session management > # Used when service name is not explicitly mentioned for session > management > # > other session required pam_unix_session.so.1 > # > # Default definition for Password management > # Used when service name is not explicitly mentioned for password > management > # > other password required pam_dhkeys.so.1 > other password requisite pam_authtok_get.so.1 > other password requisite pam_authtok_check.so.1 > other password required pam_authtok_store.so.1 > # > # Support for Kerberos V5 authentication (uncomment to use Kerberos) > # > #rlogin auth optional pam_krb5.so.1 try_first_pass > #login auth optional pam_krb5.so.1 try_first_pass > #other auth optional pam_krb5.so.1 try_first_pass > #cron account optional pam_krb5.so.1 > #other account optional pam_krb5.so.1 > #other session optional pam_krb5.so.1 > #other password optional pam_krb5.so.1 try_first_pass > > > > > POLICY.CONF > # Copyright 1999-2002 Sun Microsystems, Inc. All rights reserved. > # Use is subject to license terms. > # > # /etc/security/policy.conf > # > # security policy configuration for user attributes. see > policy.conf(4) > # > #ident "@(#)policy.conf 1.6 02/06/19 SMI" > # > AUTHS_GRANTED=solaris.device.cdrw > PROFS_GRANTED=Basic Solaris User > > # crypt(3c) Algorithms Configuration > # > # CRYPT_ALGORITHMS_ALLOW specifies the algorithms that are allowed to > # be used for new passwords. This is enforced only in > crypt_gensalt(3c). > # > CRYPT_ALGORITHMS_ALLOW=1,2a,md5 > > # To deprecate use of the traditional unix algorithm, uncomment below > # and change CRYPT_DEFAULT= to another algorithm. For example, > # CRYPT_DEFAULT=1 for BSD/Linux MD5. > > _______________________________________________ > Informix-list mailing list > Informix-list@iiug.org > http://www.iiug.org/mailman/listinfo/informix-list      |
Linear Mode
