[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Bizarre PAM authentication failures



On Sat, 2001-11-17 at 21:45, David Retz wrote:

> Here's the problem: with certain passwords, it fails about 50% of the time -
> depending on the actual password of the test user.  That is, some passwords
> work, and others don't.
> 
> And here is what's really strange: the password check program authenticates
> correctly every time if su'd to root (if entering the correct password, of
> course).  However if NOT running as root, it fails about half the time even
> if I enter the right password; it works, depending on the actual value of the
> target password.  (Of course, login works correctly for the target user
> regardless of the password setting.)

Sounds to me like you have pam modules stacked and you have different
passwords stored in different authentication sources.  Perhaps one of
them is a shadow file, is is only readble by root.  Try running your
program using strace -e open.  That is, if you would normally run
./authtest bbird, try "strace -e open ./bbird".  That will give you all
the open calls that your progam makes.  My guess is that you will see a
line that looks like

open("/etc/shadow", O_RDONLY) = -1 EPERM (Permission denied)

Since your program is running as a non-privleged user, you cannot open
files that are only readable by root.  If the password that only works
as root is stored in /etc/shadow, this would explain why it only works
for root.

Mike








[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []