lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Mon, 9 Jul 2007 14:58:23 -0500
From:	"hackmiester (Hunter Fuller)" <hackmiester@...kmiester.com>
To:	linux-kernel@...r.kernel.org
Cc:	inaki@...ximeth.org
Subject: PAM LDAP auth issue, but only on some apps...???

Check this out.

[hack@...ka pam.d]$ sudo -u hfuller echo "testing"
Password:
testing

So I can run commands as an LDAP user hfuller, using sudo.

But!

[hack@...ka pam.d]$ su hfuller
Password:
[hack@...ka pam.d]$

If I try to su to the user, it doesn't work, and it doesn't even error out. And:

Jul  9 10:46:39 asuka su(pam_unix)[13051]: session opened for user
hfuller by (uid=0)
Jul  9 10:46:39 asuka su(pam_unix)[13051]: session closed for user hfuller

A session is opened for my user but then immediately closed. And this
is the error ssh throws:

Jul  9 11:59:18 asuka sshd2[13466]: Remote host disconnected:
Authentication method disabled. (user 'hfuller', client address '1
27.0.0.1:48784', requested service 'ssh-connection')
Jul  9 11:59:18 asuka sshd2[13466]: User authentication failed:
'Authentication method disabled. (user 'hfuller', client address
 '127.0.0.1:48784', requested service 'ssh-connection')'

If I try to ssh to localhost using the login hfuller.

If you know stuff about LDAP logins you might be thinking "His LDAP is
broken when using PAM but not NSS."

But here is this test program I was given, that uses PAM libraries...

[hack@...ka pam.d]$ ~hack/check_user
login: hfuller
Password:
PAM said: Success

What?!

Any ideas? This is one of the most confusing problems I've ever had.

-- 
-hackmiester
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ