[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

return code of unix_chkpwd



hello,

I use ldap for account and I put something like that in PAM :

  auth [success=1 default=bad user_unknown=ignore] pam_unix.so 
  auth required pam_ldap.so use_first_pass
  ...

When root application authentificates a ldap user, there is no pb :
first module returns "user_unknown" and 2nd returns "success".

But when application is non-root, first module fails with "user_fail".
The reason is that the helper program "unix_chkpwd" has a dichotomic
return code :

        if ((retval != PAM_SUCCESS) || force_failure) {
            return PAM_AUTH_ERR;
        } else {
            return PAM_SUCCESS;
        }

Whereas it should return PAM_AUTH_UNKNOWN, it returns PAM_AUTH_ERR and
makes the module fails.

Is there a reason to this behaviour ?

Sincerly,
-- 
Julien
	<< Vous n'avez rien a dire... Parlons-en! >>

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

Add to Google Powered by Linux