On Sat, 2001-11-17 at 21:45, David Retz wrote:
> Here's the problem: with certain passwords, it fails about 50% of the time -
> depending on the actual password of the test user. That is, some passwords
> work, and others don't.
>
> And here is what's really strange: the password check program authenticates
> correctly every time if su'd to root (if entering the correct password, of
> course). However if NOT running as root, it fails about half the time even
> if I enter the right password; it works, depending on the actual value of the
> target password. (Of course, login works correctly for the target user
> regardless of the password setting.)
Sounds to me like you have pam modules stacked and you have different
passwords stored in different authentication sources. Perhaps one of
them is a shadow file, is is only readble by root. Try running your
program using strace -e open. That is, if you would normally run
./authtest bbird, try "strace -e open ./bbird". That will give you all
the open calls that your progam makes. My guess is that you will see a
line that looks like
open("/etc/shadow", O_RDONLY) = -1 EPERM (Permission denied)
Since your program is running as a non-privleged user, you cannot open
files that are only readable by root. If the password that only works
as root is stored in /etc/shadow, this would explain why it only works
for root.
Mike
