
Bizarre PAM authentication failures



I have implemented a test program modeled after the "check_user" example in
the PAM Application Developer's Guide Section 8.   This is just a simple
program running under a login (bash) shell that tries to authenticate a
user/password combination.

This was tested on two machines: one running RH 6.2 with PAM 0.72, and the
other with RH 7.2 with PAM 0.75.  Both exhibit something strange.

Here's the problem: with certain passwords, it fails about 50% of the time -
depending on the actual password of the test user.  That is, some passwords
work, and others don't.

And here is what's really strange: the password check program authenticates
correctly every time if su'd to root (if entering the correct password, of
course).  However if NOT running as root, it fails about half the time even
if I enter the right password; it works, depending on the actual value of the
target password.  (Of course, login works correctly for the target user
regardless of the password setting.)

I have tried the "off-the-shelf" conversation routine (misc_conv) that
prompts for a password, found in pam_misc, and also have created my own
conversation routine.  Both produce the same bizarre result.  So far, I
haven't been able to determine what it is that differentiates passwords that
"work" and ones that don't.

It also doesn't seem to matter whether I use the authentication module
pam_unix_auth.so or pam_pwdb.so.  When failing, it doesn't log anything in
syslog, but simply delays a couple of seconds, then produces error code 7
(PAM_AUTH_ERR).

Any ideas or similar experiences out there?

Dave







