Bug 2423900
| Summary: | Password authentication fails | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Alexey Tikhonov <atikhono> |
| Component: | openssh | Assignee: | Zoltan Fridrich <zfridric> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | abokovoy, crypto-team, dbelyavs, dwalsh, frenaud, jjelen, lkundrak, mattias.ellert, sbose, spoore, tm, zfridric |
| Target Milestone: | --- | Flags: | zfridric:
needinfo-
fedora-admin-xmlrpc: mirror+ |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | openssh-10.2p1-3.fc44 openssh-10.2p1-3.fc45 | Doc Type: | --- |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2026-02-17 12:12:44 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Alexey Tikhonov
2025-12-19 15:47:28 UTC
I think the code that Marco added upstream (git commit 140bae1df2b7246bb43439d039bf994159973585) should instead use a second call to `getpwnam()`, e.g. `getpwnam(pam_user)`, and then compare pw->uid with the authctxt->pw->uid. This way we don't care whether the PAM stack changed the name by normalization, as long as this gets to the same POSIX account. @atikhono I implemented the change that Alexander Bokovoy suggested. Seems to work, however I am not sure if my reproducer is correct. I was using similar reproducer as for https://bugzilla.mindrot.org/show_bug.cgi?id=3853. Here is the proposed patch: https://src.fedoraproject.org/rpms/openssh/pull-request/105# scratch build should be present under the MR but here is one that I made https://koji.fedoraproject.org/koji/taskinfo?taskID=142383168 Could you please test the change? @zfridric, do you have a copr repo? (In reply to Alexey Tikhonov from comment #6) > @zfridric, do you have a copr repo? I don't. FEDORA-2026-e0777ae202 (openssh-10.2p1-3.fc44) has been submitted as an update to Fedora 44. https://bodhi.fedoraproject.org/updates/FEDORA-2026-e0777ae202 FEDORA-2026-63e3fa9387 (openssh-10.2p1-3.fc45) has been submitted as an update to Fedora 45. https://bodhi.fedoraproject.org/updates/FEDORA-2026-63e3fa9387 FEDORA-2026-e0777ae202 (openssh-10.2p1-3.fc44) has been pushed to the Fedora 44 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2026-63e3fa9387 (openssh-10.2p1-3.fc45) has been pushed to the Fedora 45 stable repository. If problem still persists, please make note of it in this bug report. |