From: Moriyoshi K. <mor...@at...> - 2005-09-25 11:39:05
Hi,

You are right. The fix for the problem will be in the next version that is going to be released very soon.

Regards,
Moriyoshi

On 2005/09/25, at 18:38, Stefan wrote:

> Hello all,
>
> First of all I must say that I'm not very familiar with the
> PAM-internals.
>
> I've faced a problem when I tried to configure the OpenSSH server
> (FreeBSD-5.3) with pam_mysql (0.7pre2).
>
> Here is the piece of /etc/pam.d/sshd:
>
> auth sufficient pam_mysql.so user=...
> auth required pam_unix.so no_warn use_first_pass
>
> It works just fine when the user's password is stored in the
> mysql-database, but fails when the user has no password in the mysql,
> but has it in the unix shadow-file (root-password for example).
>
> I've found this code in the pam_mysql.c:
>
>     switch (pam_mysql_check_passwd(ctx, user, passwd,
>             !(flags & PAM_DISALLOW_NULL_AUTHTOK))) {
>         case PAM_MYSQL_ERR_SUCCESS:
>             retval = PAM_SUCCESS;
>             break;
>
>         case PAM_MYSQL_ERR_NO_ENTRY:
>             retval = PAM_USER_UNKNOWN;
>             goto out;
>
>         case PAM_MYSQL_ERR_MISMATCH:
>             retval = PAM_AUTH_ERR;
>             goto out;
>
>         case PAM_MYSQL_ERR_ALLOC:
>             retval = PAM_BUF_ERR;
>             goto out;
>
>         default:
>             retval = PAM_SERVICE_ERR;
>             goto out;
>     }
>
>     (void) pam_set_item(pamh, PAM_AUTHTOK, passwd);
>
> out:
>     if (passwd != NULL) {
>         xfree_overwrite(passwd);
>     }
>
> But in this case the authtoken wouldn't be passed to the next module
> in the chain unless PAM_MYSQL_ERR_SUCCESS is returned. Is it right?
>
> --
> Regards,
> Stefan
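
Added example, not part of the thread and not pam_mysql's code: a stand-alone C model of the two-line stack quoted above, comparing a first module that stores the token only on success (the quoted flow) with one that stores it before the check. All function names, users and passwords are constructed, and the early store is one possible ordering, not necessarily the fix shipped in the next version.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a two-module PAM auth stack; not libpam, not pam_mysql. */
enum { OK = 0, USER_UNKNOWN, AUTH_ERR };

struct handle { const char *authtok; };   /* stands in for the PAM_AUTHTOK item */

/* Constructed sample data: alice lives in MySQL, root only in the shadow file. */
static int mysql_lookup(const char *user, const char *pw) {
    if (strcmp(user, "alice") != 0) return USER_UNKNOWN;
    return strcmp(pw, "db-secret") == 0 ? OK : AUTH_ERR;
}
static int shadow_lookup(const char *user, const char *pw) {
    if (strcmp(user, "root") != 0) return USER_UNKNOWN;
    return strcmp(pw, "sys-secret") == 0 ? OK : AUTH_ERR;
}

/* First module. store_early=0 mirrors the quoted flow (token saved only on
   success); store_early=1 saves it before the check so later modules see it. */
static int mod_mysql(struct handle *h, const char *user, const char *typed,
                     int store_early) {
    int rc;
    if (store_early) h->authtok = typed;
    rc = mysql_lookup(user, typed);
    if (rc == OK && !store_early) h->authtok = typed;
    return rc;
}

/* Second module with use_first_pass: never prompts, only reads the stored token. */
static int mod_unix_first_pass(const struct handle *h, const char *user) {
    if (h->authtok == NULL) return AUTH_ERR;
    return shadow_lookup(user, h->authtok);
}

/* auth sufficient mod_mysql ; auth required mod_unix use_first_pass */
int run_stack(const char *user, const char *typed, int store_early) {
    struct handle h = { NULL };
    if (mod_mysql(&h, user, typed, store_early) == OK) return OK; /* sufficient */
    return mod_unix_first_pass(&h, user);                         /* required */
}

int main(void) {
    printf("root, token on success only: %d\n", run_stack("root", "sys-secret", 0));
    printf("root, token stored early:    %d\n", run_stack("root", "sys-secret", 1));
    printf("root, wrong password:        %d\n", run_stack("root", "guess", 1));
    return 0;
}
```

Storing the token early only hands the typed password to the next module; a wrong password still fails both lookups.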