NetBSD Problem Report #38198

From martin@duskware.de  Sat Mar  8 19:47:01 2008
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 049AF63B8E3
	for <gnats-bugs@gnats.netbsd.org>; Sat,  8 Mar 2008 19:47:01 +0000 (UTC)
Message-Id: <20080307213052.687C363B842@narn.NetBSD.org>
Date: Fri,  7 Mar 2008 21:30:52 +0000 (UTC)
From: sponitka@smail.uni-koeln.de
Reply-To: sponitka@smail.uni-koeln.de
To: netbsd-bugs-owner@NetBSD.org
Subject: Problem with pam_group
X-Send-Pr-Version: www-1.0

>Number:         38198
>Category:       lib
>Synopsis:       Problem with pam_group
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Mar 08 19:50:00 +0000 2008
>Originator:     Sebas
>Release:        4.99.54
>Organization:
>Environment:
NetBSD fry 4.99.54 NetBSD 4.99.54 (fry) #0: Sun Feb 24 22:42:17 CET 2008  sebas@fry:/u/0/obj/sys/arch/i386/compile/fry i386
>Description:
"The group service module for PAM accepts or rejects users based on their membership in a particular file group."

I added the group "foo" (/etc/group):
foo:*:10000:foouser

I modified sshd to use PAM modules and added the following line to my /etc/pam.d/sshd file:
auth            requisite       pam_group.so    group=foo

But the PAM subsystem rejects any user. I looked in the pam_group.c file: the module checks whether the target user (PAM_USER) exists in the password database. But later the module checks whether the ruser (PAM_RUSER) exists in the password database. The module fails if PAM_RUSER isn't set.

There was a similar issue with the FreeBSD implementation:

http://lists.freebsd.org/pipermail/freebsd-i386/2003-June/000086.html

Removing the PAM_RUSER check resolves the problem.


>How-To-Repeat:
Try to use the pam_group with sshd
>Fix:
Remove the PAM_RUSER check in pam_group.c (???)
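
The control flow described in this report, modelled in C as an added example that is not part of the original report and is not the code from pam_group.c. The account table, `group_check` and its `require_ruser` switch are hypothetical, and testing membership on the target user is an assumption, since the report does not say which account the module tests.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample data standing in for the password database and
 * for the "foo:*:10000:foouser" line from the report. */
static const char *const accounts[]    = { "root", "foouser", "otheruser", NULL };
static const char *const foo_members[] = { "foouser", NULL };

enum verdict { VERDICT_ALLOW, VERDICT_DENY };

static int in_list(const char *const *list, const char *name)
{
    for (; *list != NULL; ++list)
        if (strcmp(*list, name) == 0)
            return 1;
    return 0;
}

/*
 * Hypothetical model of the decision, not the module's source.
 * user          : PAM_USER, the account being logged in to
 * ruser         : PAM_RUSER, or NULL when the application never set it
 * require_ruser : 1 = behaviour as reported, 0 = PAM_RUSER check removed
 */
enum verdict group_check(const char *user, const char *ruser, int require_ruser)
{
    /* The target account must exist. */
    if (user == NULL || !in_list(accounts, user))
        return VERDICT_DENY;

    /* Reported behaviour: an unset or unknown PAM_RUSER is fatal,
     * before group membership is even looked at. */
    if (require_ruser && (ruser == NULL || !in_list(accounts, ruser)))
        return VERDICT_DENY;

    /* Assumption: membership is tested on the target user. */
    return in_list(foo_members, user) ? VERDICT_ALLOW : VERDICT_DENY;
}

int main(void)
{
    /* sshd case from the report: PAM_RUSER unset, user is in "foo". */
    return group_check("foouser", NULL, 1) == VERDICT_DENY ? 0 : 1;
}
```

With `require_ruser` set, a member of "foo" is denied whenever PAM_RUSER is NULL, which matches the sshd failure reported here; with it cleared, only the group membership decides.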
