
return code of unix_chkpwd



Hello,

I use LDAP for accounts and I put something like this in PAM:

  auth [success=1 default=bad user_unknown=ignore] pam_unix.so 
  auth required pam_ldap.so use_first_pass
  ...

When a root application authenticates an LDAP user, there is no problem:
the first module returns "user_unknown" and the second returns "success".

But when the application is non-root, the first module fails with "user_fail".
The reason is that the helper program "unix_chkpwd" has a dichotomic
return code:

        if ((retval != PAM_SUCCESS) || force_failure) {
            return PAM_AUTH_ERR;
        } else {
            return PAM_SUCCESS;
        }

Whereas it should return PAM_AUTH_UNKNOWN, it returns PAM_AUTH_ERR and
makes the module fail.

Is there a reason for this behaviour?

Sincerely,
-- 
Julien
	<< You have nothing to say... Let's talk about it! >>
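
Added example, not part of the original message and not Linux-PAM code: a small C model of the two auth lines above, showing how the helper's two-valued return code changes the outcome of the stack for a non-root caller. The action enum, the rule table, the function names and the stack walk are assumptions made for illustration; the walk is a simplification of what libpam does, and it uses the Linux-PAM names PAM_USER_UNKNOWN and PAM_AUTH_ERR for the two codes involved.

```c
#include <stdio.h>

/* Return codes, with the numeric values Linux-PAM assigns them. */
enum { PAM_SUCCESS = 0, PAM_PERM_DENIED = 6, PAM_AUTH_ERR = 7, PAM_USER_UNKNOWN = 10 };
/* Control actions; a positive value means "skip that many following modules". */
enum { ACT_IGNORE = -1, ACT_BAD = -2, ACT_OK = -3 };
struct rule { int on_success, on_user_unknown, on_default; };

/* The two auth lines from the post; for the codes modelled here,
 * "required" acts as [success=ok default=bad]. */
static const struct rule stack[2] = {
    { 1,      ACT_IGNORE, ACT_BAD },   /* pam_unix.so */
    { ACT_OK, ACT_BAD,    ACT_BAD },   /* pam_ldap.so use_first_pass */
};

/* pam_unix result: its own lookup as root, else the helper's two-valued answer. */
int pam_unix_result(int is_root, int lookup)
{
    return (is_root || lookup == PAM_SUCCESS) ? lookup : PAM_AUTH_ERR;
}

/* Simplified stack walk (a model, not libpam): the first "bad" fixes the failure
 * code, "ok" records success only if nothing failed, "ignore" changes nothing. */
int run_stack(const int rets[2])
{
    int status = PAM_PERM_DENIED, failed = 0;   /* fail unless a module says ok */
    for (int i = 0; i < 2; i++) {
        int r = rets[i];
        int act = r == PAM_SUCCESS      ? stack[i].on_success
                : r == PAM_USER_UNKNOWN ? stack[i].on_user_unknown
                                        : stack[i].on_default;
        if (act > 0) i += act;                            /* jump over modules */
        else if (act == ACT_BAD && !failed) { status = r; failed = 1; }
        else if (act == ACT_OK && !failed) status = r;
    }
    return status;
}

/* Final result when an LDAP-only user supplies the correct password. */
int ldap_user_login(int is_root)
{
    int rets[2] = { pam_unix_result(is_root, PAM_USER_UNKNOWN), PAM_SUCCESS };
    return run_stack(rets);
}

int main(void)
{
    printf("root: %d, non-root: %d\n", ldap_user_login(1), ldap_user_login(0));
    return 0;
}
```

With a root caller the unknown-user result is ignored and pam_ldap decides; with a non-root caller the collapsed error matches `default=bad`, so the stack fails even though pam_ldap succeeds.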
