[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_tally and fail_locktime



On Tue, 2005-10-04 at 17:15 -0700, Dan Hollis wrote:
> On Wed, 5 Oct 2005, Benjamin Donnachie wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > Dan Hollis wrote:
> >> pam_abl works great in general, though it doesnt work at all on x86_64
> >> at the moment. maybe someone more clued on pam can fix it.
> >> http://www.hexten.net/bugzilla/show_bug.cgi?id=12
> > I understand that the way pam_abl detects the end of a failed auth
> > attempt is dependent upon services calling the PAM functions in a
> > particular way - perhaps this is different on x86_64s to their predecessors?
> 
> "After doing some tests, I have found that the cleanup function registered 
> by pam_set_data is never called."
> 
> whether the bug is in x86_64 pam or in pam_abl is unknown at the moment. 
> but ia32 pam_abl works fine.
> 
> if the api for x86_64 pam is different, sounds like a pam bug to me. but 
> afaik no other applications that use pam have breakage like this, so i'm 
> going to assume it's a pam_abl bug.
I've tested pam data cleanup with pam_unix on x86_64 machine and all
works well - the cleanup function is called on both pam_set_data
(replacing the old data) and pam_end.
So the bug has to be definitely in pam_abl.

-- 
Tomas Mraz <tmraz redhat com>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]