Bug 170397 - pam authentication fails
Summary: pam authentication fails
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: squid
Version: 3.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Martin Stransky
QA Contact:
URL:
Whiteboard:
Depends On: 162660 582180
Blocks: 168424
TreeView+ depends on / blocked
 
Reported: 2005-10-11 10:53 UTC by Martin Stransky
Modified: 2010-04-28 13:12 UTC (History)
1 user (show)

Fixed In Version: RHSA-2006-0045
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-03-15 15:43:51 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0045 0 qe-ready SHIPPED_LIVE Moderate: squid security update 2006-03-15 05:00:00 UTC

Description Martin Stransky 2005-10-11 10:53:01 UTC 
+++ This bug was initially created as a clone of Bug #162660 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.7.8) Gecko/20050512 Red
Hat/1.0.4-1.4.1 Firefox/1.0.4

Description of problem:
/usr/lib/squid/ncsa_auth and /usr/lib/squid/pam_auth are packages without setuid
root. They are therefore cannot access the shadow password file and cannot
authenticate until a manual chown has been executed.

Because of this, the package cannot be auto-updated.


Version-Release number of selected component (if applicable):
squid-2.5.STABLE6-3.4E.9

How reproducible:
Always

Steps to Reproduce:
1. Enable ncsa authentication in squid
2. Try to log in (failed)
3. chown /usr/lib/squid/ncsa_auth to setuid root
4. restart squid to restart the authenticator
5. Try to log in (success)
  

Additional info:

The previous report of this issue (56027) has just been closed without a fix.

-- Additional comment from andrew on 2005-07-07 07:24 EST --
Typo:

  %s/chown/chmod/g

-- Additional comment from stransky on 2005-07-07 07:38 EST --
You are right, but we want to avoid using setuid. I'll be working on it.

-- Additional comment from stransky on 2005-07-15 10:05 EST --
pam_auth and ncsa_auth have setuid in rawhide...

-- Additional comment from andrew on 2005-07-15 17:56 EST --
Thanks.

Any idea when this might filter through to the production RHEL4 package?

-- Additional comment from stransky on 2005-07-18 04:25 EST --
We want to test it in rawhide and if there isn't any problem, we'll update it to
RHEL4...
Comment 5 Red Hat Bugzilla 2006-03-15 15:43:51 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0045.html
Note You need to log in before you can comment on or make changes to this bug.