#2635 Missing variable assignment in PAM test

1.300
closed
5
2006-10-04
2006-10-02
Anonymous
No

After half an hour of getting "PAM test failed - maybe
/etc/pam.d/webmin does not exist" thrown at me in
miniserv.errors, I dug into the code and found that the
PAM test requirements could never be fulfilled.

Now I haven't used Webmin for more than 5 minutes (it's
a customer request) and I didn't research the Auth::PAM
docs at all, but it seems the bug is due to a simple
missing assignment. The attached patch appears to work.

OS: GNU/Linux (OpenSUSE 10.1), though I doubt that
matters in this case.

--
Daniel Werner

Discussion

  • Jamie Cameron

    Jamie Cameron - 2006-10-02

    Logged In: YES
    user_id=129364

    Actually, your patch is wrong - $pam_conv_func_called is set
    in the pam_conv_func function, which is called back by
    pam_authenticate.

    Does /etc/pam.d/webmin exist on your system, and if so what
    does it contain?

     
  • Nobody/Anonymous

    Logged In: NO

    Thanks for the explanation, I didn't consider the
    consequences of "local $pamh" ;)

    /etc/pam.d/webmin:
    auth sufficient pam_securityserver.so
    auth required pam_deny.so
    account required pam_permit.so
    password required pam_deny.so
    session required pam_permit.so

    Ripped this off from some example configuration (without
    actually comprehending it) due to schedule constraints, so
    it may as well be utter nonsense. So far, authentication
    works using the password hash in /etc/webmin/miniserv.users
    -- skipping PAM auth anyway, I *guess*.

    Please note: My goal was to compile Webmin from scratch and
    get it up & running asap because of a tight time limit,
    leaving further configuration to the customer. To sum it up,
    the most significant "bug" might as well be that I didn't
    have time to research the details of PAM nor Webmin
    configuration.

    --
    Daniel Werner

     
  • Jamie Cameron

    Jamie Cameron - 2006-10-04
    • status: open --> closed
     
  • Jamie Cameron

    Jamie Cameron - 2006-10-04

    Logged In: YES
    user_id=129364

    Yeah, that pam.d/webmin file looks wrong to me. It should
    really be like :

    #%PAM-1.0
    auth required pam_unix.so nullok
    account required pam_unix.so
    session required pam_unix.so

     
  • Nobody/Anonymous

    Logged In: NO

    I've implemented a slightly modified policy on the system in
    question. Reading the Webmin/Usermin FAQs in advance would
    have helped this matter greatly... X-|

    Unfortunately, I don't have access to this system anymore,
    so I can't tell if it worked or didn't. The problem has
    probably been caused by using that haphazard pam.d/webmin,
    so I guess this bug report can be closed.

    Anyway, thanks for your patient support.

    --
    Daniel Werner

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks