Bug 170397

Summary: pam authentication fails
Product: Red Hat Enterprise Linux 3 Reporter: Martin Stransky <stransky>
Component: squidAssignee: Martin Stransky <stransky>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: poelstra
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: RHSA-2006-0045 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-03-15 15:43:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 162660, 582180    
Bug Blocks: 168424    

Description Martin Stransky 2005-10-11 10:53:01 UTC 
+++ This bug was initially created as a clone of Bug #162660 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.8) Gecko/20050512 Red
Hat/1.0.4-1.4.1 Firefox/1.0.4

Description of problem:
/usr/lib/squid/ncsa_auth and /usr/lib/squid/pam_auth are packages without setuid
root. They are therefore cannot access the shadow password file and cannot
authenticate until a manual chown has been executed.

Because of this, the package cannot be auto-updated.


Version-Release number of selected component (if applicable):
squid-2.5.STABLE6-3.4E.9

How reproducible:
Always

Steps to Reproduce:
1. Enable ncsa authentication in squid
2. Try to log in (failed)
3. chown /usr/lib/squid/ncsa_auth to setuid root
4. restart squid to restart the authenticator
5. Try to log in (success)
  

Additional info:

The previous report of this issue (56027) has just been closed without a fix.

-- Additional comment from andrew on 2005-07-07 07:24 EST --
Typo:

  %s/chown/chmod/g

-- Additional comment from stransky on 2005-07-07 07:38 EST --
You are right, but we want to avoid using setuid. I'll be working on it.

-- Additional comment from stransky on 2005-07-15 10:05 EST --
pam_auth and ncsa_auth have setuid in rawhide...

-- Additional comment from andrew on 2005-07-15 17:56 EST --
Thanks.

Any idea when this might filter through to the production RHEL4 package?

-- Additional comment from stransky on 2005-07-18 04:25 EST --
We want to test it in rawhide and if there isn't any problem, we'll update it to
RHEL4...
Comment 5 Red Hat Bugzilla 2006-03-15 15:43:51 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0045.html