2026-06-29 16:40, Chris Hofstaedtler:
> 
> Could you check if this is fixed in 1.7.0-6?

Seems my light digging in the source code missed something because with
1.7.0-6 I don't see that part of the bug anymore.

However, possibly related, the conf= directives are still not followed. I
didn't mention that before, but it was the same in 1.7.0-5.

We have our test services installed similarly to this:
/test/pam/confdir/ml-common-auth
/test/pam/confdir/ml-password-check

They contain `conf=` directives:

/test/pam/confdir/ml-common-auth:
password   requisite  pam_pwquality.so conf=/test/pam/confdir/pwquality.conf retry=3 minlen=12

/test/pam/confdir/ml-password-check:
password required pam_pwquality.so conf=/test/pam/confdir/pwquality.conf retry=1

When `strace`ing the binary it now (with 1.7.0-6) resolves the includes
correctly but never tries to open /test/pam/confdir/pwquality.conf but jumps
directly to the standard path which contains the distribution's pwquality.conf
so testing fails:

...
openat(AT_FDCWD, "/test/pam/confdir/ml-common-auth", O_RDONLY) = 9
openat(AT_FDCWD, "/etc/security/pwquality.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/security/pwquality.conf", O_RDONLY) = 9
openat(AT_FDCWD, "/etc/security/pwquality.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/security/pwquality.conf", O_RDONLY) = 9
...
openat(AT_FDCWD, "/test/pam/confdir/ml-password-check", O_RDONLY) = 5
openat(AT_FDCWD, "/etc/security/pwquality.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/security/pwquality.conf", O_RDONLY) = 5
openat(AT_FDCWD, "/etc/security/pwquality.conf.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/security/pwquality.conf", O_RDONLY) = 5
...

Br,
Ted
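
Added example (not part of the original message, and not code from PAM or libpwquality): a Python check that reads the conf= arguments out of PAM service files and reports any that never show up in an strace log, so an ignored password-quality policy is caught in testing. The function names and the shortened trace are assumptions for illustration; the paths and service lines are the ones quoted in the message.

```python
import re

# Path argument of each openat() call in strace output (failed attempts count too).
OPENAT = re.compile(r'openat\([^,]+,\s*"([^"]+)"')

def conf_paths(service_text, module="pam_pwquality.so"):
    """Return the conf= paths passed to `module` in one PAM service file."""
    paths = []
    joined = service_text.replace("\\\n", " ")  # PAM backslash continuation
    for line in joined.splitlines():
        tokens = line.split("#", 1)[0].split()  # drop trailing comments
        for i, tok in enumerate(tokens):
            if tok.rsplit("/", 1)[-1] == module:  # bare name or full path
                paths += [a[5:] for a in tokens[i + 1:] if a.startswith("conf=")]
                break
    return paths

def ignored_confs(services, strace_text):
    """Map service file -> conf= paths that the trace never tried to open."""
    opened = set(OPENAT.findall(strace_text))
    result = {}
    for svc, text in services.items():
        missing = [p for p in conf_paths(text) if p not in opened]
        if svc in opened and missing:  # only services that were actually read
            result[svc] = missing
    return result

# Sample input: the two service lines and a shortened trace from the message.
CONF = "/test/pam/confdir/pwquality.conf"
SERVICES = {
    "/test/pam/confdir/ml-common-auth":
        f"password   requisite  pam_pwquality.so conf={CONF} retry=3 minlen=12\n",
    "/test/pam/confdir/ml-password-check":
        f"password required pam_pwquality.so conf={CONF} retry=1\n",
}
TRACE = '''\
openat(AT_FDCWD, "/test/pam/confdir/ml-common-auth", O_RDONLY) = 9
openat(AT_FDCWD, "/etc/security/pwquality.conf", O_RDONLY) = 9
openat(AT_FDCWD, "/test/pam/confdir/ml-password-check", O_RDONLY) = 5
openat(AT_FDCWD, "/etc/security/pwquality.conf", O_RDONLY) = 5
'''

if __name__ == "__main__":
    for svc, missing in ignored_confs(SERVICES, TRACE).items():
        print(f"{svc}: conf= not opened: {', '.join(missing)}")
```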