PAM-0.79 and PAM-0.99
lioupayphone
lioupayphone at gmail.com
Thu Dec 4 06:40:24 UTC 2008
Hello, every on in pam-list.
i have a question to ask, it is about auth of PAM.
there are two OSs on my hand, one is old FC4_2.6.17 with PAM-0.79-96 and the other is CentOS5.2_2.6.18 with PAM-0.99.
i started 2 daemons on the two different OSs for authenticating users with their passwords (one daemon on each OS). obviously, the auth MUST be supported by Linux-PAM .
my pam-conf is "/etc/pam.d/mybase", it is listed below:
----
#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
----
i started a auth-request from the third machine to the two daemons with a non-exist username, but the results from the two daemons are different:
1) result from the daemon running on FC4 shows us that the password is invalid.
2) result from the daemon running on CentOS shows us that the username is invalid.
i think the result from CentOS makes sense. so i diff-ed the source code of PAM-0.79 and PAM-0.99, found may be there is a bug in _unix_verify_password(), unix_chkpwd.c of PAM-0.79. if it is a bug, it was fixed in PAM-0.99.
----
if (pwd == NULL || salt == NULL) {
_log_err(LOG_ALERT, "check pass; user unknown");
p = NULL;
return retval; /* once came here, "UNIX_FAILED" will be returned, but i think "PAM_USER_UNKNOWN" should be returned just like PAM-0.99 */
}
----
thank you.
Best Regards!
lioupayphone
More information about the Pam-list
mailing list