[Bug 67276] Re: pam_unix returns incorrect return value when not run as root

uwe maysara.abdulhaq at gmail.com
Mon Aug 20 18:41:39 UTC 2012


Hello,

I'm using Oneiric 11.10; I face the same issue: logins work fine, but
gnome-screensaver does not. In the auth logs I get a message saying:

Aug 20 20:31:37 hostname unix_chkpwd[17080]: check pass; user unknown
Aug 20 20:31:40 hostname unix_chkpwd[17081]: check pass; user unknown
Aug 20 20:31:40 hostname unix_chkpwd[17081]: password check failed for user (usernameX)
Aug 20 20:31:40 hostname gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=10013 euid=10013 tty=:0.0 ruser= rhost=  user=usernameX
Aug 20 20:31:51 hostname ccreds_chkpwd[17095]: error reading cached credentials

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/67276

Title:
  pam_unix returns incorrect return value when not run as root

Status in “pam” package in Ubuntu:
  Expired

Bug description:
  In attempting to fix bug #43465 I have stumbled across this additional
  issue.

  My common-auth file follows:

  auth [default=die success=done authinfo_unavail=reset] pam_unix.so debug
  auth [default=die success=1 service_err=reset auth_err=die] pam_krb5.so use_first_pass debug forwardable
  auth [default=die success=done] pam_ccreds.so action=validate use_first_pass
  auth [default=done] pam_ccreds.so action=store use_first_pass

  The basic idea here is that pam_unix should return success only when
  it is successful, and the process should exit successfully. If
  pam_unix returns "authinfo_unavail", which basically indicates that no
  password is assigned to this user locally or in shadow, the stack
  should proceed to the next module. Any other exit value, such as
  auth_err, should result in immediate termination.

  When run with login, ssh, gdm, and most other pam applications, this
  works exactly as expected.

  When run from gnome-screensaver, while trying to unlock the screen,
  this does not work.

  The difference is that gnome-screensaver does not run as root. I
  suspect this improperly alters the exit code. Even when run as
  non-root, the exit code should still be the same: there is no local
  shadow entry for this user and he does not appear in /etc/passwd. He
  is delivered by nss_ldap.

  This bug is blocking the network-authentication spec.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/67276/+subscriptions
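
The control flow the bug description intends for its common-auth stack, as an added example that is not part of the original report or of Linux-PAM: a simplified Python model of how bracketed controls are evaluated. The evaluation rules are an approximation of libpam's dispatch, the function names are hypothetical, and each module's return value is supplied by hand rather than obtained from a real module.

```python
import re

# Constructed copy of the common-auth lines from the bug description
# (debug/use_first_pass/forwardable arguments dropped for brevity).
COMMON_AUTH = """\
auth [default=die success=done authinfo_unavail=reset] pam_unix.so
auth [default=die success=1 service_err=reset auth_err=die] pam_krb5.so
auth [default=die success=done] pam_ccreds.so action=validate
auth [default=done] pam_ccreds.so action=store
"""

def parse(text):
    """Return [(module_label, {return_value: action})] for bracketed control lines."""
    stack = []
    for line in text.splitlines():
        m = re.match(r"\s*auth\s+\[([^\]]*)\]\s+(.+)", line)
        if m:
            controls = dict(kv.split("=", 1) for kv in m.group(1).split())
            stack.append((m.group(2).strip(), controls))
    return stack

def run_stack(stack, results):
    """results[i] is the value module i is assumed to return.
    Returns (final_status, labels_of_modules_that_ran)."""
    status, impression, ran, i = "perm_denied", None, [], 0  # start from a failing status
    while i < len(stack):
        label, controls = stack[i]
        ret = results[i]
        action = controls.get(ret, controls["default"])  # every line on the page sets default
        ran.append(label)
        i += 1
        if action == "reset":                 # forget everything decided so far
            status, impression = "perm_denied", None
        elif action in ("ok", "done"):
            if impression is None or (impression == "+" and status == "success"):
                status, impression = ret, "+"
            if action == "done" and impression == "+":
                break
        elif action in ("bad", "die"):
            if impression != "-":
                status, impression = ret, "-"
            if action == "die":               # terminate the stack immediately
                break
        elif action.isdigit():                # jump: skip N modules, impression unchanged
            i += int(action)
    if status == "success" and impression != "+":
        status = "perm_denied"
    return status, ran
```

Calling `run_stack(parse(COMMON_AUTH), [...])` with `authinfo_unavail` as the first result lets the stack continue to pam_krb5.so, while `auth_err` in that position ends it at pam_unix.so, which is the difference the report attributes to running as non-root.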



