Getting PAM authentication working

[arkdae]

I am unable to get the server to work when I start it with PAM authentication:

./lfs_server.sh -verbose -pam login -p 8080

I have gitolite return this:

ssh -l gitolite localhost git-lfs-authenticate
{
"href": "http://localhost:8080",
"header": {
"Authorization": "git_lfs git_lfs"
}
}

But lfs_server doesn't like the login/password:

Error 127.0.0.1 "POST /objects/batch HTTP/1.1" 401 Unauthorized "The authentication credentials are incorrect"

journalctl -f shows no activity, even though I added the debug keyword to PAM's /etc/pam.d/login auth lines. Conversely when I log in on this computer as git_lfs, it does show some output. So, I'm not convinced that lfs_server is actually consulting PAM here. Does the JSON output above need to have the Authorization field in base64 encoding? I could not find a definitive answer on that online, but looking at the git-lfs client code it seems that it does the base64 encoding itself.

Is there a way to see from lfs_server's point of view what the credentials are? I tried looking at this code but I do not know this programming language.

[artemkin]

Hmm... it should use PAM login service. Try to sudo lfs_server, because PAM may restrict access for regular users by default iirc.

[arkdae]

Even running it sudo gives me the exact same unauthorized error.