[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam_unix does not fully honor the "nis" flag



The pam_unix module attempts to resolve users via NIS, regardless of
whether the "nis" flag is set.  When the system has a working NIS setup
not enabled in /etc/nsswitch.conf, e.g. during an LDAP migration,
password changes are reported as successful, but no action is taken.  

Fix attached.

-- 
Aaron Hope <Aaron Hope unh edu>
NPG System Administrator
PGP key: http://perennialmind.cjb.net/gpg_key.txt

--- Linux-PAM/modules/pam_unix/pam_unix_passwd.c.cvs	2005-08-25 13:39:24.270406862 -0400
+++ Linux-PAM/modules/pam_unix/pam_unix_passwd.c	2005-08-25 13:58:13.915126603 -0400
@@ -1051,10 +1051,10 @@
 	 * getpwnam() doesn't tell you *where* the information it gives you
 	 * came from, nor should it.  That's our job.
 	 */
-	if (_unix_comesfromsource(pamh, user, 1, 1) == 0) {
+	if (_unix_comesfromsource(pamh, user, 1, on(UNIX_NIS,ctrl)) == 0) {
 		_log_err(LOG_DEBUG, pamh,
-			 "user \"%s\" does not exist in /etc/passwd or NIS",
-			 user);
+			 "user \"%s\" does not exist in /etc/passwd%s",
+			 user, on(UNIX_NIS,ctrl) ? " or NIS" : "");
 		return PAM_USER_UNKNOWN;
 	} else {
 		struct passwd *pwd;

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]