We use pam_authenticate to authenticate users logging into our software
product. On most systems, this has worked splendidly, however on one
customer's installation, authentication only succeeds if the process
calling pam_authenticate is running as root or else if the username being
authenticated is the same as the process' UID.
For instance:
process running as 'someuser':
pam_authenticate "someuser" with correct password: SUCCESS
pam_authenticate "otheruser" with correct password: FAILURE
pam_authenticate "someuser" with incorrect password: FAILURE
pam_authenticate "otheruser" with incorrect password: FAILURE
process running as 'otheruser':
pam_authenticate "someuser" with correct password: FAILURE
pam_authenticate "otheruser" with correct password: SUCCESS
pam_authenticate "someuser" with incorrect password: FAILURE
pam_authenticate "otheruser" with incorrect password: FAILURE
process running as 'root':
pam_authenticate "someuser" with correct password: SUCCESS
pam_authenticate "otheruser" with correct password: SUCCESS
pam_authenticate "someuser" with incorrect password: FAILURE
pam_authenticate "otheruser" with incorrect password: FAILURE
In every case of FAILURE pam_strerror returns "Authentication failure"
They are using RedHat Enterprise 3 (kernel 2.4.20)
Their configuration (via authconfig):
(User Information Configuration):
Cache Information: no
Use NIS: no
Use LDAP: no
Use Hesiod: no
(Authentication Configuration):
Use Shadow Passwords: *YES*
Use MD5 Passwords: *YES*
Use LDAP Authentication: no
Use Kerberos 5: no
Use SMB Authentication: no
Any thoughts? Any suggestions where to look? I'm assuming it's some sort
of file permission issue, but I can't figure out what it might be.
Steve Bush
--
Steve Bush (mazer1310@xxxxxxxxxxx)
"There was a point to this narrative, but it has presently escaped the
chronicler's mind." --Douglas Adams
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
