The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Solaris 8 pam_ldap.so.1 module broken


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Sat, 17 Feb 2001 00:49:43 -0800
From: Caleb David <[email protected]>
To: [email protected]
Subject: Solaris 8 pam_ldap.so.1 module broken

I looked through the archives back to November 2000 and didn't see
this mentioned.  Apologies if it's there and I missed it.

Sunsolve has bugid 4384816 on file regarding this issue.  It's been
known since 06-Nov-2000 with a status of 'Evaluated' but no workaround
or other information, helpful or otherwise, posted as yet.

The problem is that if you use this module for authentication, as
configured in pam.conf per the pam_ldap manpage (for example),
entering a NULL password is a quick way to get a login shell prompt.
That is, entering a NULL password is technically equivalent to
entering the correct password as far as this module is concerned.
Providing an incorrect password (other than NULL, of course) or a
valid password results in proper behavior.

Using the pam_ldap module compiled from source code available at
http://www.padl.com appears to work correctly though I've only had
time to test against the problem described above.

-Caleb

--
Caleb David
[email protected]

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру