|HylaFAX The world's most advanced open source fax server|
With your info I did some more experimenting. I first added FaxAdmin to the hosts.hfaxd but I have no idea what it may be trying to use for a password or if it should even have one for that matter. This made no difference. I then tried to modify the hfaxd.conf file and change the "#AdminGroup: FaxAdmin # which user group is admin (when using PAM)". I can un-comment this and change the UID to anything and it does pass it through this is what my LDAP server is picking up. I then checked and did a "ldd" on hfaxd and it is compiled for PAM. from here i took the liberty of creating a hylafax file in etc/pam.d/ following the hylafax handbook. No matter what i added to this file it made no difference to hfaxd or pam. It all acted the same no change. Not sure if there was something else needing configuring but this is all the Hylafax Manual covered. Now i have undone all my changes and now I am wondering how do i just block hfaxd from using PAM. do i have to recompile with out PAM or is there an easier way of blocking a service from using PAM?|
>>> On 10/16/2008 at 8:22 AM, in message <1637adde0810160622p4c4fc904m6e1e4b37c685559a@xxxxxxxxxxxxxx>, "Aidan Van Dyk" <aidan@xxxxxxxx> wrote:
Sorry, should have send this to -users list too.
2008/10/16 Aidan Van Dyk <aidan@xxxxxxxx>:
> 2008/10/16 Joe Kissner <jkissner@xxxxxxxxxxxxxxxx>:
>> Ok more info on this one. I have traced it back and the request is coming
>> from AvantFax when AvantFAX calls faxstat, faxalter, faxrm, sendfax, and
>> friends it causes this to happen. As best as i can tell hylafax just sees
>> this as apache making the request but for some reason dumps the request off
>> through PAM as faxadmin. Which we do use to authenticate on log in. My
>> question is: Is there a way to stop Hylafax from using PAM if nothing else
>> just to see if the AvantFax crew is correct or way off. I have tried adding
>> the "faxadmin" user but that didn't make one bit of difference.
> If HylaFAX is compiled with PAM, it *will* use pam (but only if no local
> hosts.hfaxd record matches). But it looks like it's not HylaFAX
> that's causing *this* LDAP query, but your base OS setup. "faxadmin"
> is the default value of "AdminGroup". hfaxd does a "getgrnam()" call
> on that to, and I'm guessing you've got your NSS setup to to LDAP
> queries automatically on users/groups.
Aidan Van Dyk aidan@xxxxxxxx
Senior Software Developer +1 215 825-8700 x8103
iFAX Solutions, Inc. http://www.ifax.com/
____________________ HylaFAX(tm) Users Mailing List _______________________
To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
*To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*