[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM 0.75 and gdm 2.2.4



--- Steve Langasek <vorlon@netexpress.net> wrote:
> Hello,
> 
> On Sat, 8 Sep 2001, S. Park wrote:
> 
> > I've been using PAM 0.75 since I installed Linux
> From Scratch on one of
> > my workstation, and recently tried to upgrade gdm
> (>=2.2.4.0) since it
> > has nested servers feature. However, PAM refuses
> to "setcred" for gdm
> > login. With some digging up the source codes what
> I found was that gdm
> > now separated authentification and open session w/
> setcred in different
> > functions with some reasons related to setgid,
> etc.
> 
> > I tried to make a simple program mimicking the
> structure of gdm w/ some
> > sample codes in the PAM sources:
> > The main point is the first routine containing
> authentification ends
> > with pam_end call. Now this program promtly failed
> at the second
> > function which tried to setcred after pam_start
> call. The error code was
> > 6 (I think it is NO PERMISSION?)  I ran this
> program on a RH 7.1 which
> > use PAM 0.74, and it succeeded. I downgraded my
> PAM installation on the
> > LFS machine to 0.74, and the program works.
> 
> Hmm.  This is rather unfortunate.  GDM should *not*
> be calling pam_end()
> between the calls to pam_authenticate() and
> pam_setcred(); the pam_handle
> created by pam_start() is used by PAM to store
> internal state which must be
> retained between PAM calls.
> 
> What does your PAM config look like for the gdm
> service (/etc/pam.d/gdm)?  It
> is probably a specific PAM module that's failing in
> your case, rather than the
> PAM library itself.
> 
> Regards,
> Steve Langasek
> postmodern programmer
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list

I've used both of a copy of pam.conf-login and Red Hat
pam.d/gdm:auth       required   pam_unix.so
auth       optional   pam_group.so
account    requisite  pam_time.so
account    required   pam_unix.so
password   required   pam_cracklib.so retry=3
password   required   pam_unix.so shadow md5
use_authtok
session    required   pam_unix.so
session    optional   pam_console.so

or

auth       required   pam_stack.so service=system-auth
auth       required   pam_nologin.so
account    required   pam_stack.so service=system-auth
password   required   pam_stack.so service=system-auth
session    required   pam_stack.so service=system-auth
session    optional   pam_console.s

I have a question regarding 0.74 and 0.75. Do you know
how 0.74 works w/ gdm and so on? The change made to
0.75 is a bug fix or backward incompatible change?

Regards.

__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []