Bug 8734 - When using PAM_AUTH API from winbind if Kerberos auth is enabled, samba will authenticate user with a bogus domain
Summary: When using PAM_AUTH API from winbind if Kerberos auth is enabled, samba will ...
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.6.3
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-02-01 01:19 UTC by Matthieu Patou
Modified: 2012-02-03 19:17 UTC (History)
1 user (show)

See Also:


Attachments
git-am fix for 3.6.next (1.36 KB, patch)
2012-02-02 20:58 UTC, Jeremy Allison
jra: review? (mat)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matthieu Patou 2012-02-01 01:19:22 UTC
In order to work I need to have Kerberos enabled for pam, to use a valid username and password but a bogus domain ie.

./bin/ntlm_auth --domain=BOGUS --user=mat --password=fooBAR999 

I will be in fact authenticated as mat@REALM_OF_DOMAIN.
Comment 1 Matthieu Patou 2012-02-01 01:20:07 UTC
This bug is fixed in master with change 58a6c52e53e968bfa3286400962a58e6ae6f9f4b.

Can it be pulled for 3.6.x next release ?
Comment 2 Jeremy Allison 2012-02-02 20:58:35 UTC
Created attachment 7287 [details]
git-am fix for 3.6.next

I think this is the specific patch. Matthieu please +1 and I'll re-assign to Karolin for inclusion in 3.6.next.

Jeremy
Comment 3 Matthieu Patou 2012-02-02 21:10:55 UTC
Comment on attachment 7287 [details]
git-am fix for 3.6.next

+1
Comment 4 Jeremy Allison 2012-02-02 21:25:57 UTC
Matthieu, click on the "Details" link on the attachment, and change the "?" dropdown to "+" is how to approve a review.

I'll re-assign to Karolin for inclusion, but if you could do that it would help.

Thanks !

Jeremy.
Comment 5 Karolin Seeger 2012-02-03 19:17:59 UTC
Pushed to v3-6-test.
Closing out bug report.

Thanks!