Frequently Asked Questions

Q: Authentication fails for all but the invoking user

A: You are probably using the pam_unix module on a shadowed system. For pam_unix it is not possible to check the passwords for any other than the invoking user if not root. See Q9 of the PAM FAQ. Choose a different authentication method, like LDAP, pwdb, MySQL, IMAP etc. Running your application as root is another possibility but this is not encouraged.

Q: Is there an overview of existing PAM modules?

A: While there is an official list of PAM modules the documentation of PAM modules remains very very poor. Please ask the module writers to write up a good documentation of their modules.

Q: I get an error message: libjaas-pam.so: undefined symbol: pam_get_item

A: You are using version 0.1 of the library. You must set the environment variable LD_PRELOAD=/lib/libpam.so prior to starting the Java VM. As of version 0.2 the library preloads PAM automatically and the environment variable is not necessary.

Q: I get an error message: java.lang.UnsatisfiedLinkError: no jaas-pam in java.library.path

A: The native library is not in Java's library path. Pick the solution that best suits you:

  • Make sure that you have compiled and installed the native library at all.
  • Make sure that the library was compiled on the same platform that it is installed on. Specifically compiling on x86_64 and then running it on an x86_32 (i386, i586, i686) System will not work without the proper settings for the compiler. You may look into cross compiling (-m32 GCC option).
  • Include the directory where the libjaas-pam.so library is in the environment variable LD_LIBRARY_PATH
  • Copy (or symlink) the library libjaas-pam.so to one of the standard library directories: /lib, /usr/lib or /usr/local/lib
  • Set the system property java.library.path to include the directory where the libjaas-pam.so library is. This is either done by the -D option of the Java executable or by calling System.setProperty in your Java code.

Q: This library is still alpha. When do you expect a stable version?

A: I made this library as a proof of concept. I have no real use for it. This means I am not actively developing it. Please use this library and make thorough tests. If you find problems please report them or send patches. I will be more than happy to make improvements.

Q: Licensing: This library is under the LGPL. May I use this library in a closed source commercial product?

A: Yes, absolutely. If you modify the library however you must offer the source code of your changes to your customer. Moreover I would be extremely glad if you tried to get your changes into the official codebase instead of running your own fork. This way you profit as well of less maintenance costs!

Q: Licensing: This library is under the LGPL. May I use and redistribute this library in BSD style licensed open source projects?

A: Yes, absolutely. BSD style licenses are more open than the LGPL. They allow closed source modifications to the code. The Apache license is a BSD style license. Open Source projects with BSD style license may link against and redistribute this library without special permission (this is my interpretation of the LGPL). The BSD style license however does not extend to this library - it is still LGPL. If this library is modified in any way those modifications must be open. But the LGPL does not make any provisions about the license of code that is not part of this library.