Bug 6832

Summary: kcheckpass must be SUID in order to work with NIS passwd
Product: [Retired] Red Hat Linux Reporter: ola
Component: kdebaseAssignee: Preston Brown <pbrown>
Status: CLOSED WORKSFORME QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1CC: ola
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-11-23 16:09:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description ola 1999-11-08 20:06:01 UTC 
kcheckpass cannot validate a NIS-user if the
"use privileged port" security option is active for NIS passwords.

This means that the user cannot recover from e.g. locking the screen
with the KDE screensaver. X must be restarted, killing all active
applications. (It's very easy to trigger the bug.)

Presumably you'd get the same error with at shadow system.

Workaround: SUID on kcheckpass.
Comment 1 Preston Brown 1999-11-23 16:09:59 UTC 
kcheckpass should not be using NIS directly, but rather indirectly through PAM.
all of the PAM processes run with system privileges, and thus should not have
trouble accessing a privileged port.

kcheckpass was compiled with PAM enabled and uses the "login" pam service by
default.