return code of unix_chkpwd
Julien Soula
jsoula at univ-lille2.fr
Thu Apr 12 13:22:52 UTC 2007
hello,
I use LDAP for accounts and I put something like this in PAM:

    auth [success=1 default=bad user_unknown=ignore] pam_unix.so
    auth required pam_ldap.so use_first_pass
    ...

When a root application authenticates an LDAP user, there is no problem:
the first module returns "user_unknown" and the 2nd returns "success".
But when the application is non-root, the first module fails with "user_fail".
The reason is that the helper program "unix_chkpwd" has a dichotomic
return code:

    if ((retval != PAM_SUCCESS) || force_failure) {
        return PAM_AUTH_ERR;
    } else {
        return PAM_SUCCESS;
    }

Whereas it should return PAM_AUTH_UNKNOWN, it returns PAM_AUTH_ERR and
makes the module fail.
Is there a reason for this behaviour?
Sincerely,
--
Julien
<< You have nothing to say... Let's talk about it! >>
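
The behaviour described in the message above, as an added example that is not part of the original post and is not Linux-PAM code: a simplified C model of the two-line auth stack for an account that exists only in LDAP. The enum names, the keep_unknown switch (a hypothetical helper that passes the code through) and the reduced handling of ok/bad/ignore are assumptions of this sketch.

```c
#include <stdio.h>

/* Simplified model of the two-line auth stack; these names are the
 * example's own, not libpam identifiers. */
enum rc { RC_SUCCESS, RC_AUTH_ERR, RC_USER_UNKNOWN };
enum state { ST_UNDECIDED, ST_OK, ST_FAILED };

/* The helper's exit logic as quoted in the message: two outcomes only. */
static enum rc helper_exit(enum rc retval, int force_failure) {
    if (retval != RC_SUCCESS || force_failure)
        return RC_AUTH_ERR;
    return RC_SUCCESS;
}

/* What pam_unix reports for an account that exists only in LDAP.
 * keep_unknown = 1 is a hypothetical helper that passes the code through. */
static enum rc pam_unix_result(int is_root, int keep_unknown) {
    enum rc real = RC_USER_UNKNOWN;       /* not in the local files */
    if (is_root || keep_unknown)
        return real;                      /* distinction survives */
    return helper_exit(real, 0);          /* non-root: via the helper */
}

/* Returns 1 if the stack as a whole authenticates the LDAP user. */
static int ldap_user_authenticates(int is_root, int keep_unknown,
                                   enum rc ldap_result) {
    enum state st = ST_UNDECIDED;
    int skip_next = 0;
    /* auth [success=1 default=bad user_unknown=ignore] pam_unix.so */
    switch (pam_unix_result(is_root, keep_unknown)) {
    case RC_SUCCESS:      st = ST_OK; skip_next = 1; break;
    case RC_USER_UNKNOWN: break;                  /* ignore */
    default:              st = ST_FAILED; break;  /* bad */
    }
    /* auth required pam_ldap.so use_first_pass */
    if (!skip_next) {
        if (ldap_result != RC_SUCCESS)
            st = ST_FAILED;
        else if (st == ST_UNDECIDED)
            st = ST_OK;
    }
    return st == ST_OK;
}

int main(void) {
    printf("root caller:            %d\n", ldap_user_authenticates(1, 0, RC_SUCCESS));
    printf("non-root, helper as is: %d\n", ldap_user_authenticates(0, 0, RC_SUCCESS));
    printf("non-root, code kept:    %d\n", ldap_user_authenticates(0, 1, RC_SUCCESS));
    return 0;
}
```

In the second case the stack is already marked failed by default=bad before pam_ldap runs, so a correct LDAP password cannot recover it.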