NetBSD Problem Report #38198
From martin@duskware.de Sat Mar 8 19:47:01 2008
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 049AF63B8E3
for <gnats-bugs@gnats.netbsd.org>; Sat, 8 Mar 2008 19:47:01 +0000 (UTC)
Message-Id: <20080307213052.687C363B842@narn.NetBSD.org>
Date: Fri, 7 Mar 2008 21:30:52 +0000 (UTC)
From: sponitka@smail.uni-koeln.de
Reply-To: sponitka@smail.uni-koeln.de
To: netbsd-bugs-owner@NetBSD.org
Subject: Problem with pam_group
X-Send-Pr-Version: www-1.0
>Number: 38198
>Category: lib
>Synopsis: Problem with pam_group
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Mar 08 19:50:00 +0000 2008
>Originator: Sebas
>Release: 4.99.54
>Organization:
>Environment:
NetBSD fry 4.99.54 NetBSD 4.99.54 (fry) #0: Sun Feb 24 22:42:17 CET 2008 sebas@fry:/u/0/obj/sys/arch/i386/compile/fry i386
>Description:
"The group service module for PAM accepts or rejects users based on their membership in a particular file group."
I added the group "foo" (/etc/group):
foo:*:10000:foouser
I modified the sshd to use pam modules and added the line following line to my /etc/pam.d/sshd file:
auth requisite pam_group.so group=foo
But the pam subsystem rejects any user. I looked in the pam_group.c file, the module checks, whether the target user (PAM_USER) exists in the password database. But later the module checks, whether the ruser (PAM_RUSER) exists in the password db. The module fails if the PAM_RUSER isn't set.
There was an similar issue with the freebsd implementation:
http://lists.freebsd.org/pipermail/freebsd-i386/2003-June/000086.html
Removing the PAM_RUSER check resolvs the problem.
>How-To-Repeat:
Try to use the pam_group with sshd
>Fix:
Remove the PAM_RUSER check in pam_group.c (???)
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.