PAM list: stacking pam_unix's chauthtok() function



Subject: stacking pam_unix's chauthtok() function
From: Nalin Dahyabhai (nalinredhat.com)
Date: Fri Jan 14 2000 - 17:50:29 CST


I've been experimenting with stacking modules in /etc/pam.d/passwd, and
have noticed that pam_unix always asks me for a password, even if my test
user account is neither in NIS nor in /etc/passwd. This looks to be
caused by pam_unix's assumption that a successful getpwnam() means that
it's able to change the user's password.

At the moment I'm testing a patch to pam_unix that looks specifically in
the NIS map and in /etc/passwd at the top of pam_sm_chauthtok() and returns
PAM_USER_UNKNOWN if the user is in neither of those.

Should this be changed in pam_unix, or would it become a security problem?

Thanks,

Nalin
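
The check described in the message above, sketched as an added example (not part of the original post and not the pam_unix patch it mentions): it reads a passwd-format file directly instead of trusting getpwnam(), and reports "user unknown" when the account has no entry of its own there. The `EX_` constants, the helper names and the sample entries are assumptions made for this illustration, and the NIS map lookup is left out.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes fgetpwent() and fmemopen() on glibc */
#endif
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Values as in Linux-PAM's headers; EX_ names are local so this builds without libpam. */
enum { EX_PAM_SUCCESS = 0, EX_PAM_AUTHINFO_UNAVAIL = 9, EX_PAM_USER_UNKNOWN = 10 };

/* 1 if `name` has its own entry in the passwd-format stream, else 0. Reading the
 * file directly bypasses NSS, so an account only getpwnam() resolves does not match. */
static int user_in_passwd_stream(FILE *fp, const char *name)
{
    struct passwd *pw;

    while ((pw = fgetpwent(fp)) != NULL) {
        if (pw->pw_name[0] == '+' || pw->pw_name[0] == '-')
            continue;                  /* NIS compat markers, not accounts */
        if (strcmp(pw->pw_name, name) == 0)
            return 1;
    }
    return 0;
}

/* Gate for the top of a chauthtok handler (hypothetical helper name);
 * a real module would pass fopen("/etc/passwd", "r"). */
static int chauthtok_precheck(FILE *fp, const char *user)
{
    if (fp == NULL)
        return EX_PAM_AUTHINFO_UNAVAIL;
    if (user == NULL || user[0] == '\0' || user[0] == '+' || user[0] == '-')
        return EX_PAM_USER_UNKNOWN;
    return user_in_passwd_stream(fp, user) ? EX_PAM_SUCCESS : EX_PAM_USER_UNKNOWN;
}

/* Runs the gate over constructed sample entries (not real account data). */
static int precheck_on_sample(const char *user)
{
    static char sample[] = "root:x:0:0:root:/root:/bin/sh\n"
                           "alice:x:1000:1000::/home/alice:/bin/sh\n"
                           "+::::::\n";
    FILE *fp = fmemopen(sample, sizeof sample - 1, "r");
    int rc = chauthtok_precheck(fp, user);

    if (fp != NULL)
        fclose(fp);
    return rc;
}

int main(void) { printf("alice=%d\n", precheck_on_sample("alice")); return 0; }
```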




This archive was generated by hypermail 2b27 : Fri Jan 14 2000 - 17:51:05 CST