--- Steve Langasek <vorlon@netexpress.net> wrote: > Hello, > > On Sat, 8 Sep 2001, S. Park wrote: > > > I've been using PAM 0.75 since I installed Linux > From Scratch on one of > > my workstation, and recently tried to upgrade gdm > (>=2.2.4.0) since it > > has nested servers feature. However, PAM refuses > to "setcred" for gdm > > login. With some digging up the source codes what > I found was that gdm > > now separated authentification and open session w/ > setcred in different > > functions with some reasons related to setgid, > etc. > > > I tried to make a simple program mimicking the > structure of gdm w/ some > > sample codes in the PAM sources: > > The main point is the first routine containing > authentification ends > > with pam_end call. Now this program promtly failed > at the second > > function which tried to setcred after pam_start > call. The error code was > > 6 (I think it is NO PERMISSION?) I ran this > program on a RH 7.1 which > > use PAM 0.74, and it succeeded. I downgraded my > PAM installation on the > > LFS machine to 0.74, and the program works. > > Hmm. This is rather unfortunate. GDM should *not* > be calling pam_end() > between the calls to pam_authenticate() and > pam_setcred(); the pam_handle > created by pam_start() is used by PAM to store > internal state which must be > retained between PAM calls. > > What does your PAM config look like for the gdm > service (/etc/pam.d/gdm)? It > is probably a specific PAM module that's failing in > your case, rather than the > PAM library itself. > > Regards, > Steve Langasek > postmodern programmer > > > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list I've used both of a copy of pam.conf-login and Red Hat pam.d/gdm:auth required pam_unix.so auth optional pam_group.so account requisite pam_time.so account required pam_unix.so password required pam_cracklib.so retry=3 password required pam_unix.so shadow md5 use_authtok session required pam_unix.so session optional pam_console.so or auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.s I have a question regarding 0.74 and 0.75. Do you know how 0.74 works w/ gdm and so on? The change made to 0.75 is a bug fix or backward incompatible change? Regards. __________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com
