Bug 4225 - SAMBA_3_0: pam_winbind cached_login option not working properly
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: winbind
Version: 3.0.23c
Hardware: All Linux
Importance: P3 normal
Target Milestone: none
Assigned To: Guenther Deschner
QA Contact: Samba QA Contact
Reported: 2006-11-14 10:58 UTC by Simo Sorce
Modified: 2007-02-13 09:56 UTC (History)
Description Simo Sorce 2006-11-14 10:58:46 UTC
If only cached_login is in use without krb5_auth, then authentication always fails.

The problem seems to be around winbind_auth_request() in nsswitch/pam_winbind.c.
Only if krb5_auth is specified is request.data.auth.uid filled with something meaningful.
Later in the code, if cached_login is selected, there is a check for this not being -1, and if it is, authentication simply fails completely.
Comment 1 Simo Sorce 2006-11-15 14:02:56 UTC
Just rephrasing, as Jeremy politely argued I was not clear enough (see IRC logs if you are curious :-) )

Problem:
Authentication fails when *only* cached_login is specified as a pam_winbind module option.

Cause:
When cached_login is selected, a check is made to determine if request.data.auth.uid is the default value of -1.
In case it is -1, an error is returned and authentication fails.

request.data.auth.uid is set to a non-default value only when the krb5_auth option is selected. See nsswitch/pam_winbind.c:winbind_auth_request()

Comment 2 Guenther Deschner 2007-02-13 09:56:05 UTC
Should be fixed with -r21318.
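
A minimal model of the failure described in this report, added here as an illustration; it is not pam_winbind source and not the change made in r21318. The struct, flag constants and function names are hypothetical, and the corrected builder is an assumed fix shown only to contrast with the reported behaviour.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the module's option flags and request struct. */
#define OPT_KRB5_AUTH    0x1u
#define OPT_CACHED_LOGIN 0x2u

struct auth_request {
    unsigned flags;
    long uid;                 /* -1 is the "not filled in" default */
};

/* Later check as described: cached login rejects a request whose uid is -1. */
static int check_request(const struct auth_request *r)
{
    if ((r->flags & OPT_CACHED_LOGIN) && r->uid == -1)
        return -1;            /* authentication fails */
    return 0;
}

/* Reported behaviour: uid is filled only when krb5_auth is set. */
int auth_reported(unsigned opts, long user_uid)
{
    struct auth_request r = { opts, -1 };
    if (opts & OPT_KRB5_AUTH)
        r.uid = user_uid;
    return check_request(&r);
}

/* Assumed correction: fill uid for every option that later depends on it. */
int auth_corrected(unsigned opts, long user_uid)
{
    struct auth_request r = { opts, -1 };
    if (opts & (OPT_KRB5_AUTH | OPT_CACHED_LOGIN))
        r.uid = user_uid;
    return check_request(&r);
}

int main(void)
{
    /* Walk all four option combinations with a constructed uid of 1000. */
    for (unsigned opts = 0; opts < 4; opts++)
        printf("krb5_auth=%u cached_login=%u reported=%d corrected=%d\n",
               opts & OPT_KRB5_AUTH, (opts & OPT_CACHED_LOGIN) >> 1,
               auth_reported(opts, 1000), auth_corrected(opts, 1000));
    return 0;
}
```

Running every option combination through the same check is the regression test this bug calls for: an option that consumes a request field has to be exercised on its own, not only alongside the option that happens to populate that field.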