Bug#537053: libpam-modules: problems authenticating NIS users from gnome-screensaver
Thanks for replying. I don't understand. Are you suggesting that the user is present in both the NIS map *and* in /etc/passwd? Why would you do that? No, I am not. In my configuration the user is defined in passwd and shadow files on NIS SERVER. On the NIS client (debian lenny) nsswitch.conf file I have the entries: passwd: files nis shadow: files nis When pam_unix.so queries the NIS database as a regular user, the password field is substituted by the x character, which is present in the /etc/passwd of the NIS SERVER (as stated in the passwd(5) and pwconv(8) man entry). I downloaded pam_1.0.1-5+lenny1 debian sources, compiled with --enable-debug configure option, created the /var/log/pam-debug.log file with perms 666 to verify the behaviour, which is also reproduced by the ypmatch user passwd command. In this way, the above mentioned line 167 of passverify.c evaluates to FALSE and the unix_chkpwd helper is not invoked, resulting in an authorization denied even if the correct password is typed. I presently modified the if statement as follows: if (strcmp((*pwd)-pw_passwd, *NP*) == 0 || strcmp((*pwd)-pw_passwd, x) == 0) and now the authorization is granted. Thanks for your help, Stefano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#537053: libpam-modules: problems authenticating NIS users from gnome-screensaver
Package: libpam-modules Version: 1.0.1-5+lenny1 Severity: normal I think I found what could be a bug on pam_unix.so module, specifically on passverify.c routine, if NIS map is used and /etc/passwd password field has lower-case x character (as specified into man 5 passwd entry). In this case, the if condition at line 167 if (strcmp((*pwd)-pw_passwd, *NP*) == 0) will evaluate to FALSE and the unix_chkpwd will not be called. -- System Information: Debian Release: 5.0.2 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.18-6-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libpam-modules depends on: ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy ii libc6 2.7-18 GNU C Library: Shared libraries ii libdb4.6 4.6.21-11 Berkeley v4.6 Database Libraries [ ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l ii libselinux1 2.0.65-5 SELinux shared libraries libpam-modules recommends no packages. libpam-modules suggests no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org