[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: LinuxPAM and sshd: changing conversation function doesn't work but claims to.

Darren Tucker wrote:
[about PAM calling the wrong conversation function]
I have not been able to replicate this behaviour in a minimal test case, but I'm hoping someone will be able to explain it.

OK, here's a smallish testcase that demonstrates the problem, run on Redhat 9 and Solaris 8. Note that on Redhat, the call to chauthtok (incorrectly) generates a second call to my_conv1, whereas on Solaris myconv2 is (correctly) called in the second case.


$ uname -svr; rpm -q pam
Linux 2.4.20-31.9 #1 Tue Apr 13 17:41:45 EDT 2004
$ gcc wrong-conv-function.c -lpam
$ sudo ./a.out
[673]: pam_start result 0 (Success)
[673]: my_conv1 called
[673]: pam_acct_mgmt result 12 (Authentication token is no longer valid; new one required.)
[674]: pam_set_item result 0 (Success)
[674]: my_conv1 called
[674]: pam_chauthtok result 20 (Authentication token manipulation error)

For comparison, here is the same code run on Solaris 8:

$ uname -svr
SunOS 5.8 Generic_117350-02
$ sudo ./a.out
[20837]: pam_start result 0 (Success)
[20837]: pam_acct_mgmt result 9 (Authentication failed)
[20838]: pam_set_item result 0 (Success)
[20838]: my_conv2 called
[20838]: pam_chauthtok result 6 (Conversation failure)

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

X bitmap

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]