mod_auth_pam on solaris 10

Jeff Saxton jeff_saxton at bigfix.com
Fri Jul 23 15:55:02 UTC 2010


Can you "k I n I t" (stupid autocorrect)
A short account?

Harald Falkenberg <harald.falkenberg at desy.de> wrote:


Hallo,

I found this list on http://pam.sourceforge.net/mod_auth_pam/ and hope
that somebody can help me in understanding the following problem.

I migrated an web-site using apache server 1.3.41 with mod_auth_pam v. 1.1.1
from a machine with solaris 8 (sparc) to  a maschine with solaris 10
(x86). In both cases I used the same software and just recompiled it.

When running the web-site on solaris 10, I noticed that the mod_auth_pam
module works fine as on solaris 8, but if the account name length is <= 4
it fails. The httpd service is configured in pam.conf to check against a
kerberos 5 server. - The same accounts, with account name length <= 4,
can authenticate on the old solaris 8 server.

I set pam in debugging mode and compared the function calls and return
values of the accounts. In all cases the accounts seem to authenticate
successfully.

So I was looking for other restrictions or implementation differences
between solaris 8 and solaris 10. The accounts I used for tests have in
all cases valid passwords and are not expired.

Does somebody have an idea on this list what might cause the strange
behaviour with the account name length?

regards
        Harald

_______________________________________________
Pam-list mailing list
Pam-list at redhat.com
https://www.redhat.com/mailman/listinfo/pam-list




More information about the Pam-list mailing list