SoftTree Technologies SoftTree Technologies
Technical Support Forums
RegisterSearchFAQMemberlistUsergroupsLog in
Unable to install/configure PAM authentication on Linux

 
Reply to topic    SoftTree Technologies Forum Index » 24x7 Scheduler, Event Server, Automation Suite View previous topic
View next topic
Unable to install/configure PAM authentication on Linux
Author Message
fkhalid



Joined: 16 Feb 2016
Posts: 16
Country: United States

Post Unable to install/configure PAM authentication on Linux Reply with quote
Hi,
We are trying to established server/client setup for 24x7 scheduler and trying to access the agent however it's giving following errors.

"Connection to remote host "mynewhost" failed"

Looking at documentation we tried following:

1. Download the Perl Authen::PAM module (Authen-PAM-0.12.tar.gz)
It is available at http://www.perl.com/CPAN/authors/id/N/NI/NIKIP/
2. cd /tmp
tar -zxvf Authen-PAM-0.15.tar.gz
cd Authen-PAM-0.15
perl Makefile.PL
make
make install


However this is failing with following errors:

[root@nyaddbatest01 Authen-PAM-0.16]# perl Makefile.PL
Checking if your kit is complete...
Looks good
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking how to run the C preprocessor... gcc -E
checking for pam header files in... no
configure: error: cannot find the pam_appl.h file
Error in configuring the Authen::PAM module.


If we comment out everything from auth.pl and keep the following line, it successfully connect to the agent host.
print "OK";

So the problem appears to be PAM authentication setup related.
we have copied the files to pam.d directory too but it's not working for us.
---------------------------
- Add 'jscheduler' service configuration to system PAM files directory or
configuration file.
Here is an example for RedHat Linux:
cp <path>/pam/jscheduler /etc/pam.d/
----------------------------------

when I run auth.pl, i get following error.

/u01/app/247scheduler/auth.pl oracle asdasdas
Module is unknown

This is the exact error in debug.log file too.

----------------------------------------
2016-03-14 15:17:52,258 [RMI TCP Connection(4)-10.31.40.57] DEBUG com.softtreetech.jscheduler.business.agent.remote.RemoteAgentImpl - Authenticating user oracle
2016-03-14 15:17:52,261 [RMI TCP Connection(4)-10.31.40.57] DEBUG com.softtreetech.jscheduler.business.runner.security.SecurityService - authNativeUser: /u01/app/247scheduler/auth.pl
2016-03-14 15:17:52,400 [RMI TCP Connection(4)-10.31.40.57] DEBUG com.softtreetech.jscheduler.business.runner.security.SecurityService - Module is unknown
-----------------------------------------

Any help in this regard is highly appreciated as we have a working demo planned for Wednesday.
Mon Mar 14, 2016 3:20 pm View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

Post Reply with quote
Please have a look at http://stackoverflow.com/questions/15614823/pam-appl-h-and-pam-misc-h-missing-in-rshd-c-source-code

They say CentOS needs pam-devel rpm installed for that to work. Specific information is available at the end of the referenced article.

Hope that helps.
Mon Mar 14, 2016 5:04 pm View user's profile Send private message
fkhalid



Joined: 16 Feb 2016
Posts: 16
Country: United States

Post Reply with quote
Hi,
We have Red hat linux. Does this apply to our version too instead of CentOS?


uname -a
Linux nyadtest01 2.6.32-573.18.1.el6.x86_64 #1 SMP Wed Jan 6 11:20:49 EST 2016 x86_64 x86_64 x86_64 GNU/Linux
Tue Mar 15, 2016 10:24 am View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

Post Reply with quote
Yes, I believe it does
Tue Mar 15, 2016 10:29 am View user's profile Send private message
fkhalid



Joined: 16 Feb 2016
Posts: 16
Country: United States

Post Reply with quote
Thanks.
I was able to run the steps however I am still getting following errors in DEBUG.log file.


2016-03-15 10:43:46,205 [RMI TCP Connection(2)-10.31.40.57] DEBUG com.softtreetech.jscheduler.business.agent.remote.RemoteAgentImpl - Authenticating user oracle
2016-03-15 10:43:46,207 [RMI TCP Connection(2)-10.31.40.57] DEBUG com.softtreetech.jscheduler.business.runner.security.SecurityService - authNativeUser: /u01/app/scheduler247/auth.pl
2016-03-15 10:43:46,274 [RMI TCP Connection(2)-10.31.40.57] DEBUG com.softtreetech.jscheduler.business.runner.security.SecurityService - Module is unknown



FYI the make log.

----------------------------------------------------
[root@Authen-PAM-0.16]# perl Makefile.PL
Checking if your kit is complete...
Looks good
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking how to run the C preprocessor... gcc -E
checking for pam header files in... security
checking for pam_getenv... yes
checking if pam_strerror takes a pam_handle_t argument... yes
checking for PAM_AUTHTOKEN_REQD... no
checking for PAM_NEW_AUTHTOK_REQD... yes
checking for PAM_AUTHTOK_EXPIRED... yes
checking for PAM_AUTHTOK_RECOVER... no
checking for PAM_AUTHTOK_RECOVERY... no
checking for PAM_BAD_ITEM... yes
checking for PAM_CONV_AGAIN... yes
checking for PAM_CRED_DELETE... no
checking for PAM_CRED_ESTABLISH... no
checking for PAM_CRED_REFRESH... no
checking for PAM_CRED_REINITIALIZE... no
checking for PAM_DELETE_CRED... yes
checking for PAM_ESTABLISH_CRED... yes
checking for PAM_REFRESH_CRED... yes
checking for PAM_REINITIALIZE_CRED... yes
checking for PAM_INCOMPLETE... yes
checking for PAM_MODULE_UNKNOWN... yes
checking for PAM_RADIO_TYPE... yes
checking for PAM_BINARY_PROMPT... yes
checking whether RTLD_GLOBAL is declared... yes
configure: creating ./config.status
config.status: creating pam.cfg
config.status: creating PAM.pm
config.status: creating PAM_config.h
Writing Makefile for Authen::PAM

[root@ Authen-PAM-0.16]# make
cp PAM/FAQ.pod blib/lib/Authen/PAM/FAQ.pod
cp PAM.pm blib/lib/Authen/PAM.pm
/usr/bin/perl /usr/share/perl5/ExtUtils/xsubpp -typemap /usr/share/perl5/ExtUtils/typemap -typemap typemap PAM.xs > PAM.xsc && mv PAM.xsc PAM.c
gcc -c -I. -D_REENTRANT -D_GNU_SOURCE -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O 2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -DVERSION=\"0.16\" -DXS_VERSIO N=\"0.16\" -fPIC "-I/usr/lib64/perl5/CORE" -DHAVE_CONFIG_H PAM.c
PAM.c: In function āXS_Authen__PAM_pam_endā:
PAM.xs:501: warning: unused variable āresā
PAM.c: In function āXS_Authen__PAM_pam_set_itemā:
PAM.xs:519: warning: unused variable āresā
PAM.c: In function āXS_Authen__PAM_pam_get_itemā:
PAM.xs:553: warning: unused variable āresā
PAM.c: At top level:
PAM.xs:91: warning: ānot_hereā defined but not used
Running Mkbootstrap for Authen::PAM ()
chmod 644 PAM.bs
rm -f blib/arch/auto/Authen/PAM/PAM.so
gcc -shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic PAM.o -o blib/ar ch/auto/Authen/PAM/PAM.so \
-lpam \

chmod 755 blib/arch/auto/Authen/PAM/PAM.so
cp PAM.bs blib/arch/auto/Authen/PAM/PAM.bs
chmod 644 blib/arch/auto/Authen/PAM/PAM.bs
Manifying blib/man3/Authen::PAM::FAQ.3pm
Manifying blib/man3/Authen::PAM.3pm

[root@Authen-PAM-0.16]# make install
Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
Installing /usr/local/lib64/perl5/auto/Authen/PAM/PAM.so
Installing /usr/local/lib64/perl5/auto/Authen/PAM/PAM.bs
Installing /usr/local/lib64/perl5/Authen/PAM.pm
Installing /usr/local/lib64/perl5/Authen/PAM/FAQ.pod
Installing /usr/local/share/man/man3/Authen::PAM::FAQ.3pm
Installing /usr/local/share/man/man3/Authen::PAM.3pm
Appending installation info to /usr/lib64/perl5/perllocal.pod
Tue Mar 15, 2016 10:45 am View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

Post Reply with quote
It looks like you have successfully installed PAM and Authen-PAM module.

To test that all dependencies are in place, please run ./auth.pl test test command. What kind of output do you get?
Tue Mar 15, 2016 11:21 am View user's profile Send private message
fkhalid



Joined: 16 Feb 2016
Posts: 16
Country: United States

Post Reply with quote
HI,
I have tried that too and it is giving same error.

[oracle@:TESTDB] auth.pl oracle asdasdasd
Module is unknown


I noticed one thing with the configuration. there was requirement to copy the jscheduler file to /etc/pam.d/ directory.
We have copied that file however int he file, there are libraries mentioned which does not exist on os level.

FYI what I mean.

[oracle@jscheduler:TESTDB] cd /etc/pam.d/
[oracle@jscheduler:TESTDB] more jscheduler
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow nullok
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so

[oracle@:TESTDB] ls -ltr /lib/security/pam_pwdb.so
ls: cannot access /lib/security/pam_pwdb.so: No such file or directory


You can see that these files not present on host. May be this is the reason for the above errors.
Tue Mar 15, 2016 11:50 am View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

Post Reply with quote
I think you're correct. Do you have pam_unix.so?
Tue Mar 15, 2016 11:59 am View user's profile Send private message
fkhalid



Joined: 16 Feb 2016
Posts: 16
Country: United States

Post Reply with quote
Yes we do have pam_unix.so.

I have updated the jscheduler file and added this new entry and it worked.

[root@pam.d]# cat jscheduler
#%PAM-1.0
auth required pam_unix.so shadow nullok
account required pam_unix.so
session required pam_unix.so


./auth.pl oracle **********
OK


FYI debug.log too.
-----------------------------------
2016-03-15 12:08:13,131 [main] DEBUG com.softtreetech.jscheduler.JSchedulerStarter - startup() : loading preferences
2016-03-15 12:08:13,132 [main] DEBUG com.softtreetech.jscheduler.JSchedulerStarter - startup() : Setting shutdown event hook
2016-03-15 12:08:13,137 [main] DEBUG com.softtreetech.jscheduler.JSchedulerStarter - startup() : loading job db
2016-03-15 12:08:13,137 [main] DEBUG com.softtreetech.jscheduler.JSchedulerStarter - startup() : ready to run jobs
2016-03-15 12:08:39,802 [RMI TCP Connection(2)-10.31.40.57] DEBUG com.softtreetech.jscheduler.business.agent.remote.RemoteAgentImpl - Authenticating user oracle
2016-03-15 12:08:39,805 [RMI TCP Connection(2)-10.31.40.57] DEBUG com.softtreetech.jscheduler.business.runner.security.SecurityService - authNativeUser: /u01/app/247scheduler/auth.pl


Thank you very much for quick fix.
Tue Mar 15, 2016 12:09 pm View user's profile Send private message
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 7839

Post Reply with quote
Thank you for the status update. Please note this change is specific to your system type. Different PAM libraries are used by different *nix systems.
Tue Mar 15, 2016 12:28 pm View user's profile Send private message
fkhalid



Joined: 16 Feb 2016
Posts: 16
Country: United States

Post Reply with quote
Thanks for the quick fix.
Now i am stuck at web-based interface setup.
I have updated my other thread where i had raised this question.

http://www.softtreetech.com/support/phpBB2/viewtopic.php?t=24451
Tue Mar 15, 2016 12:41 pm View user's profile Send private message
Display posts from previous:    
Reply to topic    SoftTree Technologies Forum Index » 24x7 Scheduler, Event Server, Automation Suite All times are GMT - 4 Hours
Page 1 of 1

 
Jump to: 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


 

 

Powered by phpBB © 2001, 2005 phpBB Group
Design by Freestyle XL / Flowers Online.