Darren Tucker wrote:

> Peter Stuge wrote:
>> I recall there being a PAM test harness
>> which mimics what OpenSSH does - but I don't remember if it's
>> included in the distribution or available separately?

>
> http://www.zip.com.au/~dtucker/patches/#pamtest
>
> The "-a" option skips the pam_authenticate call which simulates what
> happens during a public-key authentication.


Hm. No difference between non-working and working user:

,----[ working user ]
| --($:~/Source/pamtest)-- ./pam-test-harness -a -u askwar
| $Id: pam-test-harness.c,v 1.30 2005/09/28 23:38:31 dtucker Exp $
| conversation struct {conv=0x112c8, appdata_ptr=0x23174}
| pam_start(login, askwar, &conv, &pamh) = 0 (Success)
| pam_get_item(pamh, PAM_SERVICE, ...) = 0 (Success)
| PAM_SERVICE = login (unchanged)
| pam_set_item(pamh, PAM_TTY, "/dev/pts/17") = 0 (Success)
| pam_set_item(pamh, PAM_RHOST, "winds06") = 0 (Success)
| pam_set_item(pamh, PAM_RUSER, "askwar") = 0 (Success)
| pam_acct_mgmt(pamh, 0x0) = 9 (Authentication failed)
| pam_end(pamh, 0) = 0 (Success)
`----

,----[ non-working user ]
| --($:~/Source/pamtest)-- ./pam-test-harness -a -u testing
| $Id: pam-test-harness.c,v 1.30 2005/09/28 23:38:31 dtucker Exp $
| conversation struct {conv=0x112c8, appdata_ptr=0x23174}
| pam_start(login, testing, &conv, &pamh) = 0 (Success)
| pam_get_item(pamh, PAM_SERVICE, ...) = 0 (Success)
| PAM_SERVICE = login (unchanged)
| pam_set_item(pamh, PAM_TTY, "/dev/pts/17") = 0 (Success)
| pam_set_item(pamh, PAM_RHOST, "winds06") = 0 (Success)
| pam_set_item(pamh, PAM_RUSER, "askwar") = 0 (Success)
| pam_acct_mgmt(pamh, 0x0) = 9 (Authentication failed)
| pam_end(pamh, 0) = 0 (Success)
`----

Both times, I get a "Authentication failed" message. Or am I using
the tool wrong?

Alexander Skwar

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev