[SunHELP] solaris 2.8 getpwnam() strange behaviour ...

DAUBIGNE Sebastien - BOR ( SDaubigne@bordeaux-bersol.sema.slb.com ) SDaubigne at bordeaux-bersol.sema.slb.com
Thu Mar 6 04:12:44 CST 2003


You said  : "getpwnam returns a bad encrypted password"

As stated in the man page of getpwnam()  :

"The pw_passwd field in the passwd structure  should  not  be
used  as the encrypted password for the user; use getspnam()
or getspnam_r() instead. See getspnam(3C)"

Now, if you are using getspnam() instead, I guess it should be called from
a process which has euid of root, because of /etc/shadow access, which
seems not to be the case ("Apache is running as a non-root user").
From man getspnam() :
"Access to the /etc/shadow file is generally restricted to processes running
as  the  super-user (root)"


---
Sebastien DAUBIGNE
sdaubigne at bordeaux-bersol.sema.slb.com - (+33)5.57.26.56.36
SchlumbergerSema - SGS/DWH/Pessac

	-----Original Message-----
	From:	Adrian.Florea at alcatel.ro [SMTP:Adrian.Florea at alcatel.ro]
	Date:	Thursday, March 6, 2003 11:06
	To:	sunhelp at sunhelp.org
	Subject:	[SunHELP] solaris 2.8 getpwnam() strange behaviour ...

	hello guys,

	Please give me feedback if you have heard of such a problem:

	- I have a web user interface in which a user can change his password.
	- I'm using as backend Apache + a PAM auth Apache module
	- PAM modules are also customized by me

	Inside the PAM authentication module I make a call to getpwnam/getspnam,
	but between subsequent calls to these functions different bad values are
	returned. That's the case when the user changes his password and then is
	not recognized by the PAM because getpwnam returns a bad encrypted
	password.

	It seems that getpwnam/getspnam does not always return the good encrypted
	password for a user.

	Apache is running as a non-root user.

	In Apache logs I see, whenever the auth fails (because of
	getpwnam/getspnam) the err message like: "(9) Bad file number" or
	"(13) Permission denied"


	Thanks in advance,
	Adrian FLOREA


	P.S. all other login services (rlogin, telnet, ssh, ...) are filtered
	through PAM and work very fine.
	_______________________________________________
	SunHELP maillist  -  SunHELP at sunhelp.org
	http://www.sunhelp.org/mailman/listinfo/sunhelp
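
Added example (not part of the original messages, and not code from either poster): a small C diagnostic for the situation discussed above. It separates "account does not exist" from "caller is not allowed to read /etc/shadow" when getspnam() fails, and shows that pw_passwd from getpwnam() is only a marker. The enum, function names and result strings are hypothetical, chosen for this example.

```c
#include <errno.h>
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical result codes for this example, not a system API. */
enum lookup { LOOKUP_OK, LOOKUP_NO_USER, LOOKUP_DENIED, LOOKUP_ERROR };

/* On a shadowed system pw_passwd holds a marker such as "x", never a hash. */
int is_placeholder(const char *field)
{
    return field == NULL || field[0] == '\0' || field[0] == '*' ||
           field[0] == '!' || strcmp(field, "x") == 0;
}

/* Fetch the shadow hash for user into out, reporting why when it fails. */
enum lookup lookup_hash(const char *user, char *out, size_t outlen)
{
    struct spwd *sp;
    if (outlen == 0)
        return LOOKUP_ERROR;
    out[0] = '\0';
    if (getpwnam(user) == NULL)       /* unknown account (or lookup failed) */
        return LOOKUP_NO_USER;
    errno = 0;                        /* errno is only meaningful on failure */
    sp = getspnam(user);
    if (sp == NULL) {
        if (errno == EACCES || errno == EPERM || (errno == 0 && geteuid() != 0))
            return LOOKUP_DENIED;     /* caller cannot read /etc/shadow */
        return LOOKUP_ERROR;
    }
    snprintf(out, outlen, "%s", sp->sp_pwdp ? sp->sp_pwdp : "");
    return LOOKUP_OK;
}

int main(int argc, char **argv)
{
    static const char *why[] = { "ok", "no such user", "permission denied", "error" };
    char hash[256];
    const char *user = argc > 1 ? argv[1] : "root";
    struct passwd *pw = getpwnam(user);
    int marker = pw == NULL || is_placeholder(pw->pw_passwd); /* read before next lookup */
    enum lookup r = lookup_hash(user, hash, sizeof hash);
    printf("euid=%ld pw_passwd=%s getspnam=%s\n", (long)geteuid(),
           marker ? "placeholder" : "hash", why[r]);
    return r == LOOKUP_OK ? 0 : 1;
}
```

Running it once as root and once as the web server's user shows whether the failure is a permission problem rather than a wrong hash; the hash itself is deliberately never printed.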

