I have implemented a test program modeled after the "check_user" example in the PAM Application Developer's Guide Section 8. This is just a simple program running under a login (bash) shell that tries to authenticate a user/password combination. This was tested on two machines: one running RH 6.2 with PAM 0.72, and the other with RH 7.2 with PAM 0.75. Both exhibit something strange. Here's the problem: with certain passwords, it fails about 50% of the time - depending on the actual password of the test user. That is, some passwords work, and others don't. And here is what's really strange: the password check program authenticates correctly every time if su'd to root (if entering the correct password, of course). However if NOT running as root, it fails about half the time even if I enter the right password; it works, depending on the actual value of the target password. (Of course, login works correctly for the target user regardless of the password setting.) I have tried the "off-the-shelf" conversation routine (misc_conv) that prompts for a password, found in pam_misc, and also have created my own conversation routine. Both produce the same bizarre result. So far, I haven't been able to determine what it is that differentiates passwords that "work" and ones that don't. It also doesn't seem to matter whether I use the authentication module pam_unix_auth.so or pam_pwdb.so. When failing, it doesn't log anything in syslog, but simply delays a couple of seconds, then produces error code 7 (PAM_AUTH_ERR). Any ideas or similar experiences out there? Dave
