Bugzilla will be upgraded to version 5.0 on December 2, 2018. The outage period for the upgrade will start at 0:00 UTC and have a duration of 12 hours
Bug 162660 - pam authentication fails
pam authentication fails
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: squid (Show other bugs)
4.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Martin Stransky
:
Depends On:
Blocks: 168429 170397 582180 586828
  Show dependency treegraph
 
Reported: 2005-07-07 07:22 EDT by Andrew Meredith
Modified: 2010-04-28 08:51 EDT (History)
0 users

See Also:
Fixed In Version: RHSA-2006-0052
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 582180 (view as bug list)
Environment:
Last Closed: 2006-03-07 13:50:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 56027 None None None Never
Red Hat Product Errata RHSA-2006:0052 qe-ready SHIPPED_LIVE Moderate: squid security update 2006-03-07 00:00:00 EST

  None (edit)
Description Andrew Meredith 2005-07-07 07:22:41 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.8) Gecko/20050512 Red Hat/1.0.4-1.4.1 Firefox/1.0.4

Description of problem:
/usr/lib/squid/ncsa_auth and /usr/lib/squid/pam_auth are packages without setuid root. They are therefore cannot access the shadow password file and cannot authenticate until a manual chown has been executed.

Because of this, the package cannot be auto-updated.


Version-Release number of selected component (if applicable):
squid-2.5.STABLE6-3.4E.9

How reproducible:
Always

Steps to Reproduce:
1. Enable ncsa authentication in squid
2. Try to log in (failed)
3. chown /usr/lib/squid/ncsa_auth to setuid root
4. restart squid to restart the authenticator
5. Try to log in (success)
  

Additional info:

The previous report of this issue (56027) has just been closed without a fix.
Comment 1 Andrew Meredith 2005-07-07 07:24:41 EDT
Typo:

  %s/chown/chmod/g
Comment 2 Martin Stransky 2005-07-07 07:38:49 EDT
You are right, but we want to avoid using setuid. I'll be working on it.
Comment 3 Martin Stransky 2005-07-15 10:05:21 EDT
pam_auth and ncsa_auth have setuid in rawhide...
Comment 4 Andrew Meredith 2005-07-15 17:56:56 EDT
Thanks.

Any idea when this might filter through to the production RHEL4 package?
Comment 5 Martin Stransky 2005-07-18 04:25:00 EDT
We want to test it in rawhide and if there isn't any problem, we'll update it to
RHEL4...
Comment 7 Martin Stransky 2005-11-15 07:27:30 EST
The new release-candidate packages for RHEL3/4 are available here:

http://people.redhat.com/stransky/squid/
Comment 8 Andrew Meredith 2005-11-22 09:02:52 EST
Upgrade ran without flaw.

Thanks Martin.

Comment 10 Red Hat Bugzilla 2006-03-07 13:50:11 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0052.html

Note You need to log in before you can comment on or make changes to this bug.