Bug#442095: doesn't provide password to subsiquent PAM modules

Thu, 13 Sep 2007 08:29:45 -0700 

Jack Bates <[EMAIL PROTECTED]> writes:

> For testing, I made my Kerberos password match my local shadow password.
>
> By applying the try_first_pass / use_first_pass option to subsequent
> PAM modules, I should be able to login if the first module fails but I
> enter the correct password for a subsequent module.
>
> Instead, if pam_shishi fails, I'm prompted for and enter the same
> password twice, whereon pam_unix logs me in.
>
> I expect what should happen if pam_shishi fails, is pam_unix should use
> the password I already entered to login and not prompt me to re-enter my
> password.

Thanks for the report.  I believe the patch below will fix the problem,
but I have not tested it.

Thanks,
Simon

commit 13a60fe005922b53c6e2d17267b35d4987ba36b9
Author: Simon Josefsson <[EMAIL PROTECTED]>
Date:   Thu Sep 13 17:19:50 2007 +0200

    Add.

diff --git a/NEWS b/NEWS
index ab2f635..7a9acb4 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ See the end for copying conditions.
 ** libpam_shishi: Don't echo password when reading it from console.
 Reported by Jack Bates <[EMAIL PROTECTED]>.
 
+** libpam_shishi: Save read password in PAM library for other modules.
+Reported by Jack Bates <[EMAIL PROTECTED]>.
+
 ** Update translations.
 
 * Version 0.0.32 (released 2007-06-29)

commit 128cac805aa670af409b59bfef80e777ac9f976a
Author: Simon Josefsson <[EMAIL PROTECTED]>
Date:   Thu Sep 13 17:19:03 2007 +0200

    Store password for subsequent PAM modules that use try_first_pass.
    Reported by Jack Bates <[EMAIL PROTECTED]>.

diff --git a/extra/pam_shishi/pam_shishi.c b/extra/pam_shishi/pam_shishi.c
index cd92bad..1b9b39e 100644
--- a/extra/pam_shishi/pam_shishi.c
+++ b/extra/pam_shishi/pam_shishi.c
@@ -143,6 +143,13 @@ pam_sm_authenticate (pam_handle_t * pamh,
       D (("conv returned: %s", resp->resp));
 
       password = resp->resp;
+
+      retval = pam_set_item(pamh, PAM_AUTHTOK, password);
+      if (retval != PAM_SUCCESS)
+       {
+         D (("set_item returned error: %s", pam_strerror (pamh, retval)));
+         goto done;
+       }
     }
 
   tkt = shishi_tkts_get_for_localservicepasswd (shishi_tkts_default (h),



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to