PAM-0.79 and PAM-0.99

From: lioupayphone (lioupayphonegmail.com)
Date: Thu Dec 04 2008 - 00:40:24 CST


Hello, everyone in pam-list.

I have a question to ask; it is about auth of PAM.

I have two OSs on hand: one is the old FC4_2.6.17 with PAM-0.79-96 and the other is CentOS5.2_2.6.18 with PAM-0.99.

I started 2 daemons on the two different OSs for authenticating users with their passwords (one daemon on each OS). Obviously, the auth MUST be supported by Linux-PAM.

My pam-conf is "/etc/pam.d/mybase"; it is listed below:
----
#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
----

I started an auth-request from the third machine to the two daemons with a non-existent username, but the results from the two daemons are different:
1) The result from the daemon running on FC4 shows us that the password is invalid.
2) The result from the daemon running on CentOS shows us that the username is invalid.

I think the result from CentOS makes sense, so I diff-ed the source code of PAM-0.79 and PAM-0.99 and found that maybe there is a bug in _unix_verify_password(), unix_chkpwd.c of PAM-0.79. If it is a bug, it was fixed in PAM-0.99.
----
        if (pwd == NULL || salt == NULL) {
                _log_err(LOG_ALERT, "check pass; user unknown");
                p = NULL;
                return retval; /* once came here, "UNIX_FAILED" will be returned, but i think "PAM_USER_UNKNOWN" should be returned just like PAM-0.99 */
        }
----

Thank you.

Best Regards!
lioupayphone

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://www.redhat.com/mailman/listinfo/pam-list