Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: pam_tally and fail_locktime
From: Tomas Mraz (tmrazredhat.com)
Date: Thu Oct 20 2005 - 08:53:52 CDT
On Tue, 2005-10-04 at 17:15 -0700, Dan Hollis wrote:
> On Wed, 5 Oct 2005, Benjamin Donnachie wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > Dan Hollis wrote:
> >> pam_abl works great in general, though it doesnt work at all on x86_64
> >> at the moment. maybe someone more clued on pam can fix it.
> >> http://www.hexten.net/bugzilla/show_bug.cgi?id=12
> > I understand that the way pam_abl detects the end of a failed auth
> > attempt is dependent upon services calling the PAM functions in a
> > particular way - perhaps this is different on x86_64s to their predecessors?
> "After doing some tests, I have found that the cleanup function registered
> by pam_set_data is never called."
> whether the bug is in x86_64 pam or in pam_abl is unknown at the moment.
> but ia32 pam_abl works fine.
> if the api for x86_64 pam is different, sounds like a pam bug to me. but
> afaik no other applications that use pam have breakage like this, so i'm
> going to assume it's a pam_abl bug.
I've tested pam data cleanup with pam_unix on x86_64 machine and all
works well - the cleanup function is called on both pam_set_data
(replacing the old data) and pam_end.
So the bug has to be definitely in pam_abl.
Tomas Mraz <tmrazredhat.com>
Pam-list mailing list