Bug 162660 - pam authentication fails
Summary: pam authentication fails
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: squid
Version: 4.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Martin Stransky
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 168429 170397 582180 586828
TreeView+ depends on / blocked
 
Reported: 2005-07-07 11:22 UTC by Andrew Meredith
Modified: 2010-04-28 12:51 UTC (History)
0 users

Fixed In Version: RHSA-2006-0052
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 582180 (view as bug list)
Environment:
Last Closed: 2006-03-07 18:50:11 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 56027 0 medium CLOSED pam authentication fails 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHSA-2006:0052 0 qe-ready SHIPPED_LIVE Moderate: squid security update 2006-03-07 05:00:00 UTC

Description Andrew Meredith 2005-07-07 11:22:41 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.8) Gecko/20050512 Red Hat/1.0.4-1.4.1 Firefox/1.0.4

Description of problem:
/usr/lib/squid/ncsa_auth and /usr/lib/squid/pam_auth are packages without setuid root. They are therefore cannot access the shadow password file and cannot authenticate until a manual chown has been executed.

Because of this, the package cannot be auto-updated.


Version-Release number of selected component (if applicable):
squid-2.5.STABLE6-3.4E.9

How reproducible:
Always

Steps to Reproduce:
1. Enable ncsa authentication in squid
2. Try to log in (failed)
3. chown /usr/lib/squid/ncsa_auth to setuid root
4. restart squid to restart the authenticator
5. Try to log in (success)
  

Additional info:

The previous report of this issue (56027) has just been closed without a fix.
Comment 1 Andrew Meredith 2005-07-07 11:24:41 UTC 
Typo:

  %s/chown/chmod/g
Comment 2 Martin Stransky 2005-07-07 11:38:49 UTC 
You are right, but we want to avoid using setuid. I'll be working on it.
Comment 3 Martin Stransky 2005-07-15 14:05:21 UTC 
pam_auth and ncsa_auth have setuid in rawhide...
Comment 4 Andrew Meredith 2005-07-15 21:56:56 UTC 
Thanks.

Any idea when this might filter through to the production RHEL4 package?
Comment 5 Martin Stransky 2005-07-18 08:25:00 UTC 
We want to test it in rawhide and if there isn't any problem, we'll update it to
RHEL4...
Comment 7 Martin Stransky 2005-11-15 12:27:30 UTC 
The new release-candidate packages for RHEL3/4 are available here:

http://people.redhat.com/stransky/squid/
Comment 8 Andrew Meredith 2005-11-22 14:02:52 UTC 
Upgrade ran without flaw.

Thanks Martin.
Comment 10 Red Hat Bugzilla 2006-03-07 18:50:11 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0052.html
Note You need to log in before you can comment on or make changes to this bug.