Re: bug in checkpassword-pam (0.90.2)
From: John V. <jva...@ag...> - 2001-12-19 22:13:28
On Thu, 20 Dec 2001, Alexey Mahotkin wrote:

> >>>>> "JV" == John Vaughan <jva...@ag...> writes:
>
> JV> pam_error = pam_setcred(pamh, PAM_ESTABLISH_CRED);
>
> JV> It worked fine...
>
> Wow! Thanks. What operating system do you have?

I'm inflicting Solaris upon it, lucky me.

> /usr/include/security/_pam_compat.h:# define PAM_ESTABLISH_CRED 0x1
> /usr/include/security/_pam_types.h:#define PAM_ESTABLISH_CRED 0x0002U
>
>
> Feel the difference between two last #defines 8-[ ] People, do you see
> something like that on your system?

Solaris only has:

/usr/include/security/pam_appl.h:#define PAM_ESTABLISH_CRED 0x1

I think the second linux define is something specific to linux-pam, which was developed in parallel to Solaris pam (afair).

> Comments in log_pam.c say:
>
> /* for compability with older pam stuff, before the stupid transposition */
> #ifndef PAM_CRED_ESTABLISH
> #define PAM_CRED_ESTABLISH 0x0002U
> #endif
>
> I think it could be changed to
>
> #define PAM_CRED_ESTABLISH PAM_ESTABLISH_CRED
>
>
> though I'm already way fscking afraid of it all :)

My FreeBSD boxen have the 0x0002U define as well, but comment:

/* ---------------------- The Linux-PAM flags -------------------- */

So, unless you want to do some trickery with detecting which pam flavour it is, it may just be easier to do that simple change. I still think you should change the main thing to be the ESTABLISH_CRED though. Personally. But I'm just a sysadmin :)

> Oh, do you run cvs-nserver in production?

Well, we're looking to put it into a lab environment. My goal is to get every single thing we have passwords for to authenticate against ldap, and the only good way to do that in unixland is with PAM. I guess if it works in the lab, it could be used in production instead of the large commercial product which everyone hates :)

--
John Vaughan | 20 Exchange Place
Director of Network Systems | New York, NY 10005
AGENCY.COM | 212-358-5407