[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
  Web www.spinics.net

return code of unix_chkpwd


I use ldap for account and I put something like that in PAM :

  auth [success=1 default=bad user_unknown=ignore] pam_unix.so 
  auth required pam_ldap.so use_first_pass

When root application authentificates a ldap user, there is no pb :
first module returns "user_unknown" and 2nd returns "success".

But when application is non-root, first module fails with "user_fail".
The reason is that the helper program "unix_chkpwd" has a dichotomic
return code :

        if ((retval != PAM_SUCCESS) || force_failure) {
            return PAM_AUTH_ERR;
        } else {
            return PAM_SUCCESS;

Whereas it should return PAM_AUTH_UNKNOWN, it returns PAM_AUTH_ERR and
makes the module fails.

Is there a reason to this behaviour ?

	<< Vous n'avez rien a dire... Parlons-en! >>

Attachment: signature.asc
Description: Digital signature

Pam-list mailing list

[Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

Add to Google Powered by Linux