PAM-0.79 and PAM-0.99

lioupayphone lioupayphone at gmail.com
Thu Dec 4 06:40:24 UTC 2008


Hello, every on in pam-list.
	
i have a question to ask, it is about auth of PAM.

there are two OSs on my hand, one is old FC4_2.6.17 with PAM-0.79-96 and the other is CentOS5.2_2.6.18 with PAM-0.99.

i started 2 daemons on the two different OSs for authenticating users with their passwords (one daemon on each OS).	 obviously, the auth MUST be supported by Linux-PAM . 

my pam-conf is "/etc/pam.d/mybase", it is listed below:
----
#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth
----

i started a auth-request from the third machine to the two daemons with a non-exist username, but the results from the two daemons are different:
1) result from the daemon running on FC4 shows us that the password is invalid.
2) result from the daemon running on CentOS shows us that the username is invalid.

i think the result from CentOS makes sense. so i diff-ed the source code of PAM-0.79 and PAM-0.99, found  may be there is a bug in _unix_verify_password(), unix_chkpwd.c of PAM-0.79.   if it is a bug, it was fixed in PAM-0.99.
----
	if (pwd == NULL || salt == NULL) {
		_log_err(LOG_ALERT, "check pass; user unknown");
		p = NULL;
		return retval; /* once came here, "UNIX_FAILED" will be returned, but i think "PAM_USER_UNKNOWN" should be returned just like PAM-0.99 */
	}
----

thank you.
 				
Best Regards! 
lioupayphone





More information about the Pam-list mailing list