[Bug 67276] Re: pam_unix returns incorrect return value when not run as root

Launchpad Bug Tracker 67276 at bugs.launchpad.net
Thu Aug 4 04:18:50 UTC 2011 

[Expired for pam (Ubuntu) because there has been no activity for 60
days.]

** Changed in: pam (Ubuntu)
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/67276

Title:
  pam_unix returns incorrect return value when not run as root

Status in “pam” package in Ubuntu:
  Expired

Bug description:
  In attempting to fix bug #43465 I have stumbled across this additional
  issue.

  My common-auth file follows:

  auth [default=die success=done authinfo_unavail=reset] pam_unix.so debug
  auth [default=die success=1 service_err=reset auth_err=die] pam_krb5.so use_first_pass debug forwardable
  auth [default=die success=done] pam_ccreds.so action=validate use_first_pass
  auth [default=done] pam_ccreds.so action=store use_first_pass

  The basic idea here is that pam_unix should return success only when
  it is successful, and the process should exit successfully. If
  pam_unix returns "authinfo_unavail", which basically indicates that no
  password is assigned to this user locally or in shadow, the stack
  should proceed to the next module. Any other exit value, such as
  auth_err, should result in immediate termination.

  When run with login, ssh, gdm, and most other pam applications, this
  works exactly as expected.

  When run from gnome-screensaver, while trying to unlock the screen,
  this does not work.

  The difference is that gnome-screensaver does not run as root. I
  suspect this improperly alters the exit code. Even when run as non-
  root, the exit code should still be the same, there is no local shadow
  entry for this user and he does not appear in /etc/passwd. He is
  delivered by nss_ldap.

  This bug is blocking the network-authentication spec.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/67276/+subscriptions

More information about the foundations-bugs mailing list