NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

lib/38198: Problem with pam_group



>Number:         38198
>Category:       lib
>Synopsis:       Problem with pam_group
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Mar 08 19:50:00 +0000 2008
>Originator:     Sebas
>Release:        4.99.54
>Organization:
>Environment:
NetBSD fry 4.99.54 NetBSD 4.99.54 (fry) #0: Sun Feb 24 22:42:17 CET 2008  
sebas@fry:/u/0/obj/sys/arch/i386/compile/fry i386
>Description:
"The group service module for PAM accepts or rejects users based on their 
membership in a particular file group."

I added the group "foo" (/etc/group):
foo:*:10000:foouser

I modified the sshd to use pam modules and added the line following line to my 
/etc/pam.d/sshd file:
auth            requisite       pam_group.so    group=foo

But the pam subsystem rejects any user. I looked in the pam_group.c file, the 
module checks, whether the target user (PAM_USER) exists in the password 
database. But later the module checks, whether the ruser (PAM_RUSER) exists in 
the password db. The module fails if the PAM_RUSER isn't set. 

There was an similar issue with the freebsd implementation:

http://lists.freebsd.org/pipermail/freebsd-i386/2003-June/000086.html

Removing the PAM_RUSER check resolvs the problem.


>How-To-Repeat:
Try to use the pam_group with sshd
>Fix:
Remove the PAM_RUSER check in pam_group.c (???)



Home | Main Index | Thread Index | Old Index