reassign 380078 libnss-ldap found 380078 251-1 tags 380078 -patch thanks On Thu, Jul 27, 2006 at 01:42:37PM +0200, Bruno Treguier wrote: > Package: libpam-modules > Version: 0.79-3.1 > Severity: important > Tags: patch
> Since version 246, a change has been made to libnss_ldap, whose > functions getspnam() and getspnam_r() now return "*" instead > of "x" previously, in the sp_pwdp member of a spwd struct. > This introduces an incompatibility with the present version of > libpam-modules, as the "*" case is not handled by the code in > "support.c" (line 741), thus resulting in the helper program > "unix_chkpwd" never being called. > As a consequence, all the programs relying on libpam-modules to > authenticate a user in an LDAP environment may fail. "kcheckpass" is an > example of such a program. I don't agree that this is a PAM bug. The behavior of pam_unix is well-established, and is inherited from the 'shadow' suite which did the same thing for years before it. A '*' in the password field (I guess you mean passwd->pw_passwd, not spwd->sp_pwdp, since this code doesn't handle the latter) means that the account has no valid password; if that's not what libnss-ldap means to communicate, then it should not use this value for the password field. So I'm reassigning this bug report to libnss-ldap; if this bug is still present in the current version (sorry Rick, I haven't checked), then it should be fixed there. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

