Bug 4225 - SAMBA_3_0: pam_winbind cached_login option not working properly
Summary: SAMBA_3_0: pam_winbind cached_login option not working properly
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.23c
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-14 10:58 UTC by Simo Sorce
Modified: 2007-02-13 09:56 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Simo Sorce 2006-11-14 10:58:46 UTC 
If only cached_login is in use without krb5_auth, then authentication always fail.

The problem seems to be around in winbind_auth_request() nsswitch/pam_winbind.c
Only if krb5_auth is specified then request.data.auth.uid is filled with something meaningful.
Later in the code if cached_login is selected there is a check for this not being -1 and if it is authentication simply fails completely.
Comment 1 Simo Sorce 2006-11-15 14:02:56 UTC 
Just rephrasing as Jeremy politely argued I was not clear enough (see IRC logs if you are curious :-)

Problem:
Authentication fails when *only* cached_login is specified as a pam_winbind module option

Cause:
When cached_login is selected a check is made to determine if request.data.auth.uid is the default value of -1.
In case it is -1 an error is returned and authentication fails

request.data.auth.uid is set to a non default value only when the krb5_auth option is selecetd. See nsswitch/pam_winbind.c:winbind_auth_request()
Comment 2 Guenther Deschner 2007-02-13 09:56:05 UTC 
Should be fixed with -r21318.