[linux-pam] #67: [PATCH] pam_limits: add a missing comma in the SEE ALSO section in the man page
by fedora-badges
#67: [PATCH] pam_limits: add a missing comma in the SEE ALSO section in the man
page
----------------------+------------------------------
Reporter: ao2 | Owner: pam-developers@…
Type: defect | Status: new
Priority: trivial | Component: documentation
Version: | Keywords:
Blocked By: | Blocking:
----------------------+------------------------------
Hi,
I intended to send the attached patch to pam-
developers(a)lists.fedorahosted.org; I subscribed but it's more than one
month that the subscription approval is pending, so I am sending the patch
here.
It's a trivial one, but I noticed the missing comma and I thought I'd fix
it.
Thanks,
Antonio
BTW, version 1.3.0 is not selectable in the version field when submitting
a new ticket.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/67>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
7 years, 4 months
pam_access: First check for the (group) syntax
by Tomas Mraz
Hi,
reportedly there are sites where group names contain @ character. This
patch for pam_access tests for the group match via the (group) syntax
before proceeding with other matches (namely the user@host pattern).
This allows matching groups with the @ character.
OK to commit?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
7 years, 5 months
[linux-pam] #66: PWD_ABSURD_PWD_LENGTH too low for large groups (> 20000 users)
by fedora-badges
#66: PWD_ABSURD_PWD_LENGTH too low for large groups (> 20000 users)
-------------------------+------------------------------
Reporter: periegetes | Owner: pam-developers@…
Type: defect | Status: new
Priority: trivial | Component: library
Version: | Keywords:
Blocked By: | Blocking:
-------------------------+------------------------------
Hi,
I recently encountered a problem with pam_limits where a given limit
wasn't applied to the members of a large group (all our users have the
same default group, and special permissions are awarded to additional
secondary groups, which makes the default group somewhat large).
A bit of digging shows that pam_modutil_getgrname returns NULL when the
given group gets larger than 262kB (probably as a security measure), which
in turns makes the function pam_modutil_ingroup_common return a false
negative for the membership of any user to such a group.
Here is a trivial patch to increase the maximum group size to 4M (which
seems reasonable enoough) :
{{{
--- pam-1.1.8/libpam/pam_modutil_private.h 2016-10-18
15:09:07.795224582 +0200
+++ pam-1.1.8.ori/libpam/pam_modutil_private.h 2013-06-18
16:11:21.000000000 +0200
@@ -14,7 +14,7 @@
#include <security/pam_modutil.h>
#define PWD_INITIAL_LENGTH 0x400
-#define PWD_ABSURD_PWD_LENGTH 0x400001
+#define PWD_ABSURD_PWD_LENGTH 0x40001
#define PWD_LENGTH_SHIFT 4 /* 2^4 == 16 */
extern void
}}}
Thank you for your efforts,
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/66>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
7 years, 6 months
[linux-pam] #61: pam_ftp 'users=' can only accept one user account
by fedora-badges
#61: pam_ftp 'users=' can only accept one user account
----------------------+------------------------------
Reporter: purecfs | Owner: pam-developers@…
Type: defect | Status: new
Priority: major | Component: modules
Version: | Keywords: pam_ftp
Blocked By: | Blocking:
----------------------+------------------------------
While the documentation says that for the pam_ftp module, multiple
"anonymous" users can be defined separated by a comma. However, in
practice this fails because PAM_USER is changed from the username to the
user name list specified causing subsequent modules to fail (like
pam_unix).
Here's a fix:
{{{
--- Linux-PAM-1.3.0-orig/modules/pam_ftp/pam_ftp.c 2016-05-24
14:33:39.000000000 -0700
+++ Linux-PAM-1.3.0/modules/pam_ftp/pam_ftp.c 2016-05-24
14:33:56.000000000 -0700
@@ -86,7 +86,6 @@
while (list_copy && (l = strtok_r(x, ",", &sptr))) {
x = NULL;
if (!strcmp(name, l)) {
- *_user = list;
anon = 1;
}
}
}}}
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/61>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
7 years, 6 months