Successful login "fails" with Client Principal in

Posted by Simon L. Prinsloo on 27-Mar-2018 05:22

I have a peculiar situation with a login process that worked the last time I used it, a few weeks ago.

I would appreciate any ideas about how to debug this further.

I have a domain in the database with a custom authentication system using a PAM Callback Procedure. All databases are set to trust the Application Domain.

When the session reaches "SECURITY-POLICY:SET-CLIENT (hPrincipal)", the AuthenticateUser callback executes successfully and reaches the point where it assigns pintPAMStatus = PAMStatus:Success and then RETURN.

Adding a message just before the RETURN, I can see that pintPAMStatus is 1 (which is correct) and chrErrorMsg is "". The code then returns to SECURITY-POLICY:SET-CLIENT (hPrincipal), but here everything breaks down. The LOGIN-STATE is "LOGIN", but the STATE-DETAIL is "General error detected in the PAM library" and the SEAL-TIMESTAMP is ?, so the CLIENT-PRINCIPAL is not sealed. Consequently, SECURITY-POLICY:SET-CLIENT (hPrincipal) returns FALSE.

It also raises an error with the following messages:

client-principal authentication failed in Session because - Internal error in Authentication System library (16359)

Failed to set Session user id. (13691)

The only KB I can find referencing these two messages refers to a case where the PAM Callback Procedure had the wrong parameter definitions, but that is not the case here. The signature is correct and the messages inside the code block do appear on screen (client server) or in the AppServer log.

Any help will be appreciated.
