Hello,

I use LDAP for accounts and I put something like this in PAM:

    auth [success=1 default=bad user_unknown=ignore] pam_unix.so
    auth required pam_ldap.so use_first_pass
    ...

When a root application authenticates an LDAP user, there is no problem: the first module returns "user_unknown" and the second returns "success". But when the application is non-root, the first module fails with "user_fail".

The reason is that the helper program "unix_chkpwd" has a dichotomic return code:

    if ((retval != PAM_SUCCESS) || force_failure) {
        return PAM_AUTH_ERR;
    } else {
        return PAM_SUCCESS;
    }

Whereas it should return PAM_AUTH_UNKNOWN, it returns PAM_AUTH_ERR and makes the module fail.

Is there a reason for this behaviour?

Sincerely,
-- 
Julien
<< You have nothing to say... Let's talk about it! >>
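
Added example, not part of the original post and not Linux-PAM code: a Python model of how the two quoted auth lines are evaluated, covering only the ok, bad, ignore and jump actions, to show why collapsing the helper's result to PAM_AUTH_ERR turns an ignored user_unknown into a stack failure. All function names and the LDAP-only account scenario are assumptions made for the illustration.

```python
# Added example: model of Linux-PAM control evaluation for the two-line
# auth stack quoted in the post. Not Linux-PAM source code.
SUCCESS, AUTH_ERR, USER_UNKNOWN, PERM_DENIED = (
    "PAM_SUCCESS", "PAM_AUTH_ERR", "PAM_USER_UNKNOWN", "PAM_PERM_DENIED")

REQUIRED = {"success": "ok", "default": "bad"}  # subset of what "required" expands to
KEY = {SUCCESS: "success", AUTH_ERR: "auth_err", USER_UNKNOWN: "user_unknown"}

# (module, control) pairs as configured in the post
STACK = [
    ("pam_unix.so", {"success": 1, "default": "bad", "user_unknown": "ignore"}),
    ("pam_ldap.so", REQUIRED),
]

def helper_collapse(retval):
    """Mirror of the quoted unix_chkpwd logic: every failure becomes AUTH_ERR."""
    return SUCCESS if retval == SUCCESS else AUTH_ERR

def run_stack(stack, results):
    """Evaluate the stack; `results` maps module name -> value it returns."""
    status, decided, skip = SUCCESS, None, 0  # decided: None / "ok" / "bad"
    for name, control in stack:
        if skip:
            skip -= 1
            continue
        retval = results[name]
        action = control.get(KEY[retval], control["default"])
        if isinstance(action, int):   # jump: skip the next N modules
            skip = action
        elif action == "ok":
            if decided is None:       # a success never overrides an earlier failure
                status, decided = retval, "ok"
        elif action == "bad":
            if decided != "bad":      # the first failure fixes the final code
                status, decided = retval, "bad"
        # "ignore": this module's result does not contribute
    return status if decided else PERM_DENIED  # no opinion at all means denial

def authenticate_ldap_user(caller_is_root):
    # Constructed scenario: an LDAP-only account with a correct password.
    unix = USER_UNKNOWN               # what pam_unix itself concludes
    if not caller_is_root:            # per the post, non-root goes through the helper
        unix = helper_collapse(unix)
    return run_stack(STACK, {"pam_unix.so": unix, "pam_ldap.so": SUCCESS})
```

In this model the root caller ends with PAM_SUCCESS, while the non-root caller ends with PAM_AUTH_ERR even though pam_ldap.so accepted the password.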
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list