Darren Tucker wrote: [about PAM calling the wrong conversation function]
I have not been able to replicate this behaviour in a minimal test case, but I'm hoping someone will be able to explain it.
OK, here's a smallish testcase that demonstrates the problem, run on Redhat 9 and Solaris 8. Note that on Redhat, the call to chauthtok (incorrectly) generates a second call to my_conv1, whereas on Solaris myconv2 is (correctly) called in the second case.
Thanks, -Daz.
$ uname -svr; rpm -q pam
Linux 2.4.20-31.9 #1 Tue Apr 13 17:41:45 EDT 2004
pam-0.75-48
$ gcc wrong-conv-function.c -lpam
$ sudo ./a.out
[673]: pam_start result 0 (Success)
[673]: my_conv1 called
[673]: pam_acct_mgmt result 12 (Authentication token is no longer valid; new one required.)
[674]: pam_set_item result 0 (Success)
[674]: my_conv1 called
[674]: pam_chauthtok result 20 (Authentication token manipulation error)
For comparison, here is the same code run on Solaris 8:
$ uname -svr SunOS 5.8 Generic_117350-02 $ sudo ./a.out [20837]: pam_start result 0 (Success) [20837]: pam_acct_mgmt result 9 (Authentication failed) [20838]: pam_set_item result 0 (Success) [20838]: my_conv2 called [20838]: pam_chauthtok result 6 (Conversation failure)
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
