Bug#354333: libpam-modules: pam_rootok stopped working
reassign 339118 libpam-modules reassign 336513 libpam-modules severity 336513 important merge 336513 339118 354333 thanks On Sat, Feb 25, 2006 at 01:37:45PM +0100, Roberto Suarez Soto wrote: > Package: libpam-modules > Version: 0.79-3.1 > Severity: important > After the upgrade to 0.79-3.1, pam_rootok stopped working. This is my > /etc/pam.d/su: > auth required pam_wheel.so group=wheel > auth sufficient pam_rootok.so debug > auth required pam_unix.so > accountrequired pam_unix.so > sessionrequired pam_unix.so > I noticed this problem when the init.d for fetchmail asked for a > password. Afterwards, I tried to do a "su - fetchmail", and this is what > appears in auth.log: > Feb 25 13:29:58 cheetah PAM-rootok[8830]: authentication succeeded > Feb 25 13:29:59 cheetah su[8830]: (pam_unix) authentication failure; logname= > uid=0 euid=0 tty=tty1 ruser=root rhost= user=fetchmail > Feb 25 13:30:01 cheetah su[8830]: pam_authenticate: Permission denied > Feb 25 13:30:01 cheetah su[8830]: FAILED su for fetchmail by root > As you can see, pam_rootok logs that the authentication succeeded, but > it doesn't work anyway. Maybe the problem is not really in pam_rootok but in > another place, I don't know. Yes, the problem is that you have 'required pam_wheel' listed *before* pam_rootok, and pam_wheel is failing. This is a previously reported behavior change in pam_wheel in pam 0.79. But since it's pretty obvious that you want pam_rootok.so to take precedence here, you should move it to be the first module in the authentication stack. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#354333: libpam-modules: pam_rootok stopped working
Package: libpam-modules Version: 0.79-3.1 Severity: important After the upgrade to 0.79-3.1, pam_rootok stopped working. This is my /etc/pam.d/su: auth required pam_wheel.so group=wheel auth sufficient pam_rootok.so debug auth required pam_unix.so accountrequired pam_unix.so sessionrequired pam_unix.so I noticed this problem when the init.d for fetchmail asked for a password. Afterwards, I tried to do a "su - fetchmail", and this is what appears in auth.log: Feb 25 13:29:58 cheetah PAM-rootok[8830]: authentication succeeded Feb 25 13:29:59 cheetah su[8830]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=tty1 ruser=root rhost= user=fetchmail Feb 25 13:30:01 cheetah su[8830]: pam_authenticate: Permission denied Feb 25 13:30:01 cheetah su[8830]: FAILED su for fetchmail by root As you can see, pam_rootok logs that the authentication succeeded, but it doesn't work anyway. Maybe the problem is not really in pam_rootok but in another place, I don't know. Downgrading to 0.76-22 solved the problem. -- System Information: Debian Release: testing/unstable Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.15-skas3-v8.2 Locale: LANG=gl:es:en, LC_CTYPE=gl:es:en (charmap=ISO-8859-1) (ignored: LC_ALL set to gl_ES) Versions of packages libpam-modules depends on: ii libc6 2.3.6-1GNU C Library: Shared libraries an ii libcap1 1:1.10-14 support for getting/setting POSIX. ii libdb4.3 4.3.29-4 Berkeley v4.3 Database Libraries [ ii libpam0g 0.79-3.1 Pluggable Authentication Modules l ii libselinux1 1.28-4 SELinux shared libraries libpam-modules recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]