Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

Failed login webmin, pam_ck_connector issues

Vang Le
2011-11-08
2013-05-22
  • Vang Le
    Vang Le
    2011-11-08

    Hello,
    I was able to login to webmin, but when I setup and got LDAP authentication working then I failed to log into webmin. The /var/log/auth.log says:


    Nov  7 11:37:49 localhost perl: pam_unix(webmin:session): session opened for user testuser by (uid=0)
    Nov  7 11:37:49 localhost perl: pam_ck_connector(webmin:session): cannot determine display-device
    Nov  7 11:37:50 localhost webmin: Invalid login as testuser from 172.31.255.137


    This is content of my /etc/pam.d/common-session
    # here are the per-package modules (the "Primary" block)
    session pam_permit.so
    # here's the fallback if no module succeeds
    session requisite pam_deny.so
    # prime the stack with a positive return value if there isn't one already;
    # this avoids us returning an error just because nothing sets a success code
    # since the modules above will each just jump around
    session required pam_permit.so
    # and here are more per-package modules (the "Additional" block)
    session required pam_unix.so
    session optional pam_ldap.so
    session optional pam_ck_connector.so nox11
    # end of pam-auth-update config


    I am running Ubuntu Server 10.04.3 LTS .

    Very much appreciate if you can give some hints :-)

     
  • Vang Le
    Vang Le
    2011-11-08

    Hi,

    Following FAQ gave me some hints:

    How can I make a Webmin user always use the same password as Unix?
    This can be done by following these steps :
    In the Perl Modules module of Webmin, install Authen::PAM from CPAN.
    In the PAM Authentication module, add a new PAM service called webmin that uses Unix authentication.
    In the Webmin Users module, click on the user that you want to symchronize with Unix and set his Password option to Unix Authentication.
    If PAM is not used on your operating system, the first two steps can be skipped. Webmin will instead read the /etc/passwd or /etc/shadow file directly to authenticate users who are using the Unix Authentication password mode.
    =============================
    Therefore my temporary fix is to modify following files:
    In:
    /etc/webmin/webmin.acl
    duplicate the line starts with "admin"
    and replace "admin" with desired username.
    In:
    /etc/webmin/miniserv.users
    do the same as above. Of course the line contents are different.

    However I still hope to have better solution.