Alan Milligan writes:


| Maybe that's because this does not appear to be true.
|
| # ./authtest mrsam
| Authenticated: module authdaemon
| Home directory: /home/mrsam
| UID/GID: 501/100
| AUTHADDR=mrsam
| AUTHFULLNAME=Mr. Sam
| [EMAIL PROTECTED] authlib]# ./authtest mrsam mypassword
| Authenticated: module authdaemon
| Home directory: /home/mrsam
| UID/GID: 501/100
| AUTHADDR=mrsam
| AUTHFULLNAME=Mr. Sam
|

Sam,

authtest actually does a geteuid() call AFTER querying authdaemond to
retrieve the uid. Thus it is not possible to use authtest in this
manner as there's other magic happening in the preauth libraries

Exactly what "manner" are you referring to?

(including the setuid call allowing this to work...) which aren't
available to external systems.

Everything that authtest receives from authdaemon is also available to external systems.


| The following patch doesn't do anything. Actually, the only thing it
| does is that it initializes auxiliary groups, on systems that include
| individual accounts into multiple groups.
|

Untrue!

This patch ensures authdaemond physically writes "UID=xxx" down the
socket for authpam, authpwd, and authshadow, which currently do not do
this, although other mechanisms already do.

authtest works fine as is. Nothing needs to be fixed.

Can we have these changes please.

To summarize:

A) The socket wire format used by authdaemon is really an internal application format. It's not formally documented, per se. But since the source code is -- obviously -- available it's not that difficult to figure it out.

B) Someone else figured out, well, most of it, and missed out a small detail. As a result, their code does not work all the time.

C) You want to make a useless kludge to authdaemon, just so that the other code doesn't choke.

What's wrong with this picture?


