pam_tally and fail_locktime
Tomas Mraz
tmraz at redhat.com
Thu Oct 20 13:53:52 UTC 2005
On Tue, 2005-10-04 at 17:15 -0700, Dan Hollis wrote:
> On Wed, 5 Oct 2005, Benjamin Donnachie wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > Dan Hollis wrote:
> >> pam_abl works great in general, though it doesnt work at all on x86_64
> >> at the moment. maybe someone more clued on pam can fix it.
> >> http://www.hexten.net/bugzilla/show_bug.cgi?id=12
> > I understand that the way pam_abl detects the end of a failed auth
> > attempt is dependent upon services calling the PAM functions in a
> > particular way - perhaps this is different on x86_64s to their predecessors?
>
> "After doing some tests, I have found that the cleanup function registered
> by pam_set_data is never called."
>
> whether the bug is in x86_64 pam or in pam_abl is unknown at the moment.
> but ia32 pam_abl works fine.
>
> if the api for x86_64 pam is different, sounds like a pam bug to me. but
> afaik no other applications that use pam have breakage like this, so i'm
> going to assume it's a pam_abl bug.
I've tested pam data cleanup with pam_unix on x86_64 machine and all
works well - the cleanup function is called on both pam_set_data
(replacing the old data) and pam_end.
So the bug has to be definitely in pam_abl.
--
Tomas Mraz <tmraz at redhat.com>
More information about the Pam-list
mailing list