From owner-FreeBSD-users-jp@jp.freebsd.org  Tue Jan 18 20:01:09 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id UAA28257;
	Tue, 18 Jan 2000 20:01:09 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from tortoise.jp.freebsd.org (root@tortoise.jp.FreeBSD.ORG [210.157.158.41])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id UAA28252
	for <FreeBSD-users-jp@jp.freebsd.org>; Tue, 18 Jan 2000 20:01:08 +0900 (JST)
	(envelope-from issei@issei.org)
Received: from mx1.issei.org (valkyrie.issei.org [3ffe:505:a:1:290:ccff:fea1:1ff2])
	by tortoise.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP/IPv6 id UAA02958
	for <FreeBSD-users-jp@jp.freebsd.org>; Tue, 18 Jan 2000 20:01:07 +0900 (JST)
	(envelope-from issei@issei.org)
Received: from localhost (tole.issei.org [210.254.221.68])
	by mx1.issei.org (8.9.3+3.2W/3.7W-v6) with ESMTP/IPv4 id UAA00899;
	Tue, 18 Jan 2000 20:01:05 +0900 (JST)
	(envelope-from issei@issei.org)
To: FreeBSD-users-jp@jp.freebsd.org
Cc: FreeBSD-beginners-jp@flathill.gr.jp
In-Reply-To: <20000118.171331.74754585.nin@smtp.shikoku.ne.jp>
References: <20000118.151510.74755293.nin@smtp.shikoku.ne.jp>
	<20000118153412Q.simokawa@sat.t.u-tokyo.ac.jp>
	<20000118.171331.74754585.nin@smtp.shikoku.ne.jp>
X-Mailer: Mew version 1.94.2pre8 on XEmacs 21.1 (Bryce Canyon)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <20000118200240P.issei@issei.org>
Date: Tue, 18 Jan 2000 20:02:40 +0900
From: Issei Suzuki <issei@issei.org>
X-Dispatcher: imput version 20000113(IM136)
Lines: 106
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990727
X-Sequence: FreeBSD-users-jp 49051
Subject: [FreeBSD-users-jp 49051] Re: XFree3.3.6 Authentication failed
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: issei@issei.org

In mail "[FreeBSD-users-jp 49046] Re: XFree3.3.6 Authentication failed"
Ninomiya Hideyuki <nin@shikoku.ne.jp> wrote:

> pam $B$C$F2?(B ? $B$@$C$?$N$G$9$,!"(Bjman pam $B$7$F>/$72r$j$^$7$?!#(B

  $B;d$O(B PAM $B$,=P$F$-$?GX7J$O!"<!$N$h$&$KM}2r$7$F$$$^$9!#(B


  $B$=$N@N!"(BUNIX $B$G$O!V%f!<%6G'>Z!W$O(B /etc/passwd (/etc/master.passwd) $B$K(B
$B5-=R$5$l$F$$$k%Q%9%o!<%I$rMQ$$$F9T$C$F$$$^$7$?!#;~$H>l9g$K$h$i$:!"A4$F(B

1. $BG'>Z$,I,MW$J>lLL$G$O!"%f!<%6$K%Q%9%o!<%I$rF~NO$7$F$b$i$&!#(B
2. $BF~NO$5$l$?%Q%9%o!<%I$H(B /etc/passwd (/etc/shadow, /etc/master.passwd) 
   $B$K3JG<$5$l$F$$$k%Q%9%o!<%I$r(B getpwnam() $B$r;H$C$FHf3S$7$F%A%'%C%/$9$k!#(B

$B$G:Q$^$;$F$$$?$o$1$G$9!#(B


  $B$=$N8e!"%M%C%H%o!<%/$NMxMQ$,;O$^$k$H!"(B

a) $B0BA4$J%M%C%H%o!<%/$J$$$G$O!"$$$A$$$A%Q%9%o!<%I$rF~NO$9$k$N$,LLE]$J$N(B
   $B$G>JN,$7$?$$(B
b) $B%M%C%H%o!<%/<+BN$,0BA4$H$O8@$($J$$>l9g(B (Internet $B$r2p$7$FDL?.$9$k>l9g(B
   $B$J$I(B) $B$K$O!"%W%l!<%s%F%-%9%H$K$h$kG'>Z$O%;%-%e%j%F%#%[!<%k$H$J$jF@$k(B
   $B$N$G!"$b$C$H0BA4$JG'>ZJ}K!$r%f!<%6$K6/@)$7$?$$!#(B
c) $B%^%7%s4V$GG'>Z$rE}0l$7$?$$!#(B

$B$J$IMM!9$J<{MW$,H/@8$7!"$=$l$K1~$8$F0J2<$N$h$&$JMM!9$JG'>ZJ}<0$,=P$F$-$^(B
$B$7$?!#(B

a) $B%W%l!<%s%F%-%9%H$K$h$k%Q%9%o!<%IG'>Z(B ($BEAE}E*$JJ}K!(B, NIS)
b) $B%Q%9%o!<%IITMW$N(B r $BG'>Z(B
c) $B0lJ}8~4X?t$r;H$C$?(B S/Key, OTP, APOP
d) SSH $B$N(B RSA $BG'>Z(B
e) Kerberos $BG'>Z(B
f) SSL

  $B$G!":$$C$?$N$,!"G'>Z$rMW5a$9$k%"%W%j%1!<%7%g%s$N:n<T$H%7%9%F%`4IM}<T$G(B
$B$9!#$?$H$($P(B ftpd, su, telnetd, xdm $B$9$Y$F$G(B S/Key $B$K$h$kG'>Z$rMxMQ$9$k(B
$B$?$a$K$O!"(Bftpd, su, telnetd ($BG'>Z$r(B login $B$KMj$C$F$k>l9g$K$O(B login),
xdm $B$N%W%m%0%i%`$K!"8DJL$K(B S/Key $B$K$h$kG'>Z%k!<%A%s$rAH$_9~$^$J$1$l$P$J(B
$B$j$^$;$s!#(B

  $B$3$l$G$OO+NO$,$+$+$k>e!"$I$N%W%m%0%i%`$,$I$N$h$&$JG'>Z$r5v2D$7$F$$$k$+!"(B
$B$H$$$&%5%$%H$NA4BNA|$,GD0.$7$E$i$/$J$j$^$9!#(B

  $B$=$3$G!"<B:]$NG'>Z$N;EAH$_$+$iFHN)$7$?HFMQ@-$N$"$kG'>Z%9%-!<%`$r:n$C$F!"(B
$B3F%"%W%j%1!<%7%g%s$O!"$=$N%9%-!<%`$,Ds6!$9$k(B API $B$r2p$7$FG'>Z$r9T$&$h$&(B
$B$K$7$h$&!"$H$$$&$3$H$G:n$i$l$?%9%-!<%`$,(B PAM $B$G$9!#(B


# $B0J2<!"(BFreeBSD 3.4-RELEASE $B$K0MB8$7$?5-=R%"%j!#(B

  PAM $B$G$O!"G'>Z$N<BAu$O6&M-%*%V%8%'%/%H(B /usr/lib/pam_*.so $B$G6!5k$5$l$^(B
$B$9!#(BPAM $B$OFbItE*$K6&M-%*%V%8%'%/%H$rFI$_9~$s$G!"$=$N%*%V%8%'%/%H$GG'>Z$r(B
$B9T$$$^$9!#$3$l$K$h$C$F!"G'>Z$rMW5a$9$kB&$N%"%W%j%1!<%7%g%s%W%m%0%i%`$N:F(B
$B%3%s%Q%$%k$J$7$K!"G'>ZJ}<0$NDI2C!&:o=|!"MW5a$9$kG'>ZJ}<0$N@_Dj$,2DG=$K$J$C(B
$B$F$$$^$9!#(B


> pam $B$C$F$N$rMxMQ$9$k%W%m%0%i%`$N>l9g<+A0$G(B /etc/pam.conf $B$rFI$_$K9T$-(B
> $B%m!<%I$9$Y$-%b%8%e!<%k$rC5$9$H$+$9$k$N$G$7$g$&$+(B?
> $B$"$!$C!"$=$N(B(servic$BL>;XDj$7$F%i%$%V%i%j$r%m!<%I$9$k(B)$B$?$a$N%i%$%V%i%j(B
> $B4X?t$,M-$k$s$G$9$M$C!"!"B?J,!#(B

  PAM $B$G$O!V$I$N%5!<%S%9$K!"$I$NG'>Z$rMW5a$9$k$+!)!W$r!"%5!<%S%9Kh$K@_Dj(B
$B$G$-$^$9$,!"$3$NBP1~4X78$r5-=R$9$k%U%!%$%k$,(B /etc/pam.conf $B$G$9!#(B

  $B%5!<%S%9L>$O(B PAM API $B$N0l$D(B pam_start() $B4X?t$r8F$S=P$9$H$-$NBh0l0z?t$G(B
$B7h$^$k$N$G$9$,!"$3$l$O(B xdm $B7PM3$N%m%0%$%s$G$O(B "xdm" (*1)$B!"(BXwrapper $B7PM3(B
$B$G(B X $B%5!<%P$r5/F0$9$k>l9g$K$O(B "xserver" (*2) $B$H$J$C$F$$$^$9!#(B

(*1) xc/programs/xdm/greeter/verify   Verify() $B;2>H(B
(*2) xc/programs/Xserver/os/wrapper.c main() $B;2>H(B


> $BF~$l$F8+$^$7$?!#(B
> 	$ cat /etc/pam.conf
> 	......
> 	## Don't break startx
> 	xserver auth    required        pam_permit.so
> $B$1$I!"A4$/>u67$OJQ$o$i$:!#$G$9!#(B
> 
> Xwrapper: no modules loaded for `xserver' service

  $B3NG'$;$:$K=q$-$^$9$,!"(B

xserver	auth	required	pam_permit.so
xserver	account required	pam_permit.so
xserver	session required	pam_permit.so

$B$H$9$k$H$I$&$J$j$^$9$+!)(B  auth $B$G$O$J$/!"(Baccount $B$+(B session $B$G0z$C3]$+$C(B
$B$F$k$s$8$c$J$$$+!"$H$$$&?dB,$J$s$G$9$,!#(B


p.s.

  PAM $B$NOC$O!"(BFreeBSD Handbook $B$N(B

  II. System Administration
     6. Security

$B$"$?$j$K$^$H$a$F=q$$$F$"$k$H!"=u$+$k?M$,B?$=$&$G$9$M!#(B


Issei.-
