Bug 63806 - rlogind ignores pam access denials
Summary: rlogind ignores pam access denials
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rsh   
(Show other bugs)
Version: 7.2
Hardware: All Linux
Target Milestone: ---
Assignee: Phil Knirsch
QA Contact: Ben Levenson
Depends On:
TreeView+ depends on / blocked
Reported: 2002-04-18 21:02 UTC by Ben Woodard
Modified: 2015-03-05 01:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-06-25 13:44:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch to fix rsh so that it listens to pam's responses (531 bytes, patch)
2002-04-18 21:04 UTC, Ben Woodard
no flags Details | Diff

Description Ben Woodard 2002-04-18 21:02:21 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020326

Description of problem:
PAM provides a way for a pam module to specify that this user doesn't currently
have access to the machine. However, it still allows the user to authenticate
with the login program. I know that it is in some ways debatable but giving
users this second chance to identify and authenticate themselves flys in the
face of the intention of pam authentication.

The included patch fixes this problem. What it does is makes it so that if PAM
responds saying that the user is not allowed to login it will exit the rlogind

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. create a module which returns PAM_SUCCESS to pam_sm_authenticate and
PAM_PERM_DENIED to pam_sm_acct_mgmt
2. setup pam to use the module
3. make sure that the rsh is available.
4. try to login using rsh

Actual Results:  it prompts you for a login

Expected Results:  It should tell you that the access is denied.

Additional info:

Comment 1 Ben Woodard 2002-04-18 21:04:23 UTC
Created attachment 54445 [details]
patch to fix rsh so that it listens to pam's responses

Comment 2 Phil Knirsch 2002-04-22 10:08:47 UTC
Sounds like a good idea, patch looks sane, will most likely include it in the
next version of rsh.


Read ya, Phil

Comment 3 Phil Knirsch 2003-06-25 13:44:48 UTC
Included in rsh-0.17-17 and later.

Read ya, Phil

Note You need to log in before you can comment on or make changes to this bug.