# PAM Application Example does not work



## phillipewu (Jul 19, 2010)

There is an exmple in Appendix A,  "Sample PAM Application" in Pluggable Authentication Module on the FreeBSD site which I cannot get to work. 

Can someone spot the problem? Is it a PAM configuration problem? Is it a coding problem?

I am currently signed in as user1 and attempting to su (switch user) to testu who has a password of testu.

Do I need to be signed in as root to run the "su" program?

This is the critical part of the code:

```
/* initialize PAM */
        pamc.conv = &misc_conv;
        pam_start("su", user, &pamc, &pamh);

        /* set some items */
        if (strlen(hostname)==0) gethostname(hostname, sizeof(hostname));
        if (user==0) getlogin();
        tty = ttyname(STDERR_FILENO);

        printf("host %s user %s tty %s\n",hostname,user,tty);
        if ((pam_err = pam_set_item(pamh, PAM_RHOST, hostname)) != PAM_SUCCESS)
                goto pamerr;
        if ((pam_err = pam_set_item(pamh, PAM_RUSER, user)) != PAM_SUCCESS)
                goto pamerr;
        if ((pam_err = pam_set_item(pamh, PAM_TTY, tty)) != PAM_SUCCESS)
                goto pamerr;

        /* authenticate the applicant */
        if ((pam_err = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
                printf("pam_authenticate() failed\n");
                fprintf(stderr, "Sorry\n");
                fprintf(stderr,"%s\n",pam_strerror(pamh,pam_err));
                goto pamerr;
        }
```
I get a PAM "Authentication Failure". 

This is the run:

```
./su testu
host myserver user testu tty /dev/pts/1
Password: 
pam_authenticate() failed
Sorry
Authentication failure
```

Thanks for any assistance


----------



## anomie (Jul 19, 2010)

What FreeBSD version? 

`% uname -rms`

Anything logged to /var/log/auth.log?


----------



## phillipewu (Jul 20, 2010)

I am running this on Redhat Linux 4. The reason I am posting the query here
is that the coding example came from the FreeBSD site and I did not get any reply
from the Linux forum.

There is an error message on the /var/log/messages:

```
Jul 19 16:06:45 myserver su(pam_unix)[17393]: authentication failure; logname=user1 uid=500 euid=500 tty=/dev/pts/1 ruser=testu 
rhost=myserver user=testu
```


----------



## anomie (Jul 20, 2010)

Problem is: FreeBSD is using OpenPAM, and RHEL4 (I think) is using Linux-PAM. The first thing I would do to narrow down problems is try running your code on a FBSD install. (You can quickly set up a system within Virtualbox, for instance.) 

No reason to bang your head against the wall if the problem cause is an incompatibility. If you get the same error on your FBSD install, _then_ we have a legitimate scenario to start troubleshooting...

Alternatively, if the end game is to get this running on RHEL4, then maybe a FreeBSD example is not the right starting point.


----------



## expl (Jul 23, 2010)

Your app needs to be ran by root or with +s bit set on it. PAM will fail otherwise, it would also be impossible for you to change your uid/gid without it.


----------

