Bug 63806 - rlogind ignores pam access denials
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: rsh
Version: 7.2
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Phil Knirsch
QA Contact: Ben Levenson
Reported: 2002-04-18 17:02 EDT by Ben Woodard
Modified: 2015-03-04 20:10 EST
Doc Type: Bug Fix
Last Closed: 2003-06-25 09:44:48 EDT

Attachments:
patch to fix rsh so that it listens to pam's responses (531 bytes, patch)
2002-04-18 17:04 EDT, Ben Woodard

Description Ben Woodard 2002-04-18 17:02:21 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020326

Description of problem:
PAM provides a way for a pam module to specify that this user doesn't currently
have access to the machine. However, it still allows the user to authenticate
with the login program. I know that it is in some ways debatable but giving
users this second chance to identify and authenticate themselves flies in the
face of the intention of pam authentication.

The included patch fixes this problem. What it does is make it so that if PAM
responds saying that the user is not allowed to log in, it will exit the rlogind
process.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. create a module which returns PAM_SUCCESS to pam_sm_authenticate and
PAM_PERM_DENIED to pam_sm_acct_mgmt
2. set up pam to use the module
3. make sure that rsh is available.
4. try to log in using rsh


Actual Results:  it prompts you for a login

Expected Results:  It should tell you that the access is denied.

Additional info:
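
A model of the control flow this report describes, added here as an illustration; it is not the attached patch or rlogind's own code. The `struct module` stack, the `RC_*` stand-ins for PAM return codes, the user name and the fallback to the prompt on authentication failure are assumptions.

```c
#include <stdio.h>

/* Stand-ins for PAM return codes; the numeric values are arbitrary here. */
enum rc { RC_SUCCESS, RC_AUTH_ERR, RC_PERM_DENIED };
/* What the daemon does with the connection after consulting the stack. */
enum outcome { GRANT_SHELL, PROMPT_LOGIN, EXIT_DENIED };

/* Hypothetical one-module stack with the two entry points from step 1. */
struct module {
    enum rc (*sm_authenticate)(const char *user);
    enum rc (*sm_acct_mgmt)(const char *user);
};

static enum rc ok(const char *u)   { (void)u; return RC_SUCCESS; }
static enum rc bad(const char *u)  { (void)u; return RC_AUTH_ERR; }
static enum rc deny(const char *u) { (void)u; return RC_PERM_DENIED; }

/* Constructed test stacks; repro_module is the module from step 1. */
const struct module repro_module  = { ok,  deny };
const struct module allow_module  = { ok,  ok   };
const struct module noauth_module = { bad, ok   };

/* Reported behaviour: every failure, including an account denial,
 * falls through to the interactive login prompt. */
enum outcome rlogind_reported(const struct module *m, const char *user)
{
    if (m->sm_authenticate(user) == RC_SUCCESS &&
        m->sm_acct_mgmt(user) == RC_SUCCESS)
        return GRANT_SHELL;
    return PROMPT_LOGIN;
}

/* Expected behaviour: an account-stage denial ends the session.
 * Assumption: a failed authenticate stage still reaches the prompt. */
enum outcome rlogind_expected(const struct module *m, const char *user)
{
    if (m->sm_authenticate(user) != RC_SUCCESS)
        return PROMPT_LOGIN;
    if (m->sm_acct_mgmt(user) != RC_SUCCESS)
        return EXIT_DENIED;
    return GRANT_SHELL;
}

int main(void)
{
    printf("reported=%d expected=%d\n", rlogind_reported(&repro_module, "alice"),
           rlogind_expected(&repro_module, "alice"));
    return 0;
}
```
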
Comment 1 Ben Woodard 2002-04-18 17:04:23 EDT
Created attachment 54445
patch to fix rsh so that it listens to pam's responses
Comment 2 Phil Knirsch 2002-04-22 06:08:47 EDT
Sounds like a good idea, patch looks sane, will most likely include it in the
next version of rsh.

Thanks,

Read ya, Phil
Comment 3 Phil Knirsch 2003-06-25 09:44:48 EDT
Included in rsh-0.17-17 and later.

Read ya, Phil
