Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication fails for users not available via libc #2

Open
busbey opened this issue Nov 12, 2012 · 5 comments · May be fixed by #12
Open

Authentication fails for users not available via libc #2

busbey opened this issue Nov 12, 2012 · 5 comments · May be fixed by #12

Comments

@busbey
Copy link

busbey commented Nov 12, 2012

Right now users authenticated via PAM are conflated with users local to the box.

Steps to reproduce:

  1. set up a PAM service that authenticates external to the system, ie pam_ldap (but do not make this login)

  2. do not set up a local user with the same name

  3. use libpam4j to authenticate

Ideally, the libc based information should be optional additional info.
@eskatos
Copy link

eskatos commented Nov 23, 2014

👍 This prevent implementing Radius authentication through PAM

@eskatos
Copy link

eskatos commented Nov 23, 2014

@busbey looks like you started working on this on your fork, could you tell us about it?

@busbey
Copy link
Author

busbey commented May 19, 2015

I think I got this working on my fork. I'll see if it's in condition for a PR

@eskatos
Copy link

eskatos commented May 19, 2015

\o/

busbey added a commit to busbey/libpam4j that referenced this issue May 19, 2015
@busbey
Makes local user information optional.
7b32261 
* Changes PAM.authenticate to return a generic AuthenticatedUser.
** Uses UnixUser.exists instead of manually checking libc.passwd, then returns either
   a UnixUser or a generic AuthenticatedUser.
** Non-backwards compatible because of the method signature change on PAM.authenticate.
* Changes UnixUser to be a subclass of the generic AuthenticatedUser.

Fixes kohsuke#2
busbey added a commit to busbey/libpam4j that referenced this issue May 19, 2015
@busbey
Makes local user information optional.
2a6a841 
* Changes PAM.authenticate to return a generic AuthenticatedUser.
** Uses UnixUser.exists instead of manually checking libc.passwd, then returns either
   a UnixUser or a generic AuthenticatedUser.
** Non-backwards compatible because of the method signature change on PAM.authenticate.
* Changes UnixUser to be a subclass of the generic AuthenticatedUser.

Fixes kohsuke#2
@busbey busbey linked a pull request May 19, 2015 that will close this issue
Open
@busbey
Copy link
Author

busbey commented May 19, 2015

there's a pull request on current master. FYI, it's a breaking change because of the API alteration.

@slonopotamus slonopotamus mentioned this issue Feb 11, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Makes local user information optional. busbey/libpam4j
2 participants
@busbey @eskatos