Bug 52371 - pam_group component doesn't work (and possibly others)
pam_group component doesn't work (and possibly others)
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: gdm (Show other bugs)
7.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Havoc Pennington
Aaron Brown
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-08-23 03:59 EDT by George Lebl
Modified: 2007-04-18 12:36 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-01-10 15:33:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to fix a pam setcred bug in gdm 2.2.3.1 (5.03 KB, patch)
2001-08-23 04:03 EDT, George Lebl
no flags Details | Diff

  None (edit)
Description George Lebl 2001-08-23 03:59:39 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux alpha; en-US; rv:0.9.2) Gecko/20010809

Description of problem:
Since the pam_setcred is called before the initgroups call, setting
supplementary groups with pam_group will thus not work of course since
the groups are then wiped later.  It could be that other credentials are
also not set correctly because of this, another (but minor) issue is that
pam_open_session was called before setcred, rather then after as is
recommended by the pam docs.  This bug applies to all gdm versions that I
know of and thus all versions of redhat that use gdm.  A fix is in the
current CVS version and will be in the next release.  In the meantime I
have attached a patch against 2.2.3.1 which is the version redhat seems to
be using currently. Not sure how critical this is, since essentially no gdm
version got it right previously and pam_group is not that useful, however,
other modules that grant certain credentials could be effected
by this as well.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. use pam_group
2. log in with gdm
3. 
	

Actual Results:  No supplemental group memberships given by pam_group. 
Only those listed in /etc/groups are given by initgroups

Expected Results:  have both /etc/groups and pam_group setups be in effect

Additional info:
Comment 1 George Lebl 2001-08-23 04:03:55 EDT
Created attachment 29134 [details]
Patch to fix a pam setcred bug in gdm 2.2.3.1
Comment 2 Havoc Pennington 2002-01-10 11:16:56 EST
Nalin when I get to work I plan to ask you to explain what George is talking
about ;-)
Comment 3 George Lebl 2002-01-10 15:33:34 EST
Well, all that stuff changed recently anyway.  I think it's best to just upgrade
to 2.2.5.4 which I think does pam correctly.
Comment 4 Havoc Pennington 2002-02-11 19:01:00 EST
OK, rawhide has new gdm

Note You need to log in before you can comment on or make changes to this bug.