Bug 89671 - Netatalk default pam file does not take authconfig settings
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: netatalk
Version: 3
Hardware: i386 Linux
medium
low
Assignee: Jason Vas Dias
 
Reported: 2003-04-25 19:08 UTC by Need Real Name
Modified: 2007-11-30 22:10 UTC (History)

Doc Type: Bug Fix
Last Closed: 2005-06-16 23:35:38 UTC


Attachments
A pam configuration for netatalk that uses system-auth (277 bytes, text/plain)
2005-01-02 15:41 UTC, lars

Description Need Real Name 2003-04-25 19:08:02 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.01  [en]

Description of problem:
The default netatalk package installs a file in /etc/pam.d that only works if
you use /etc/passwd and friends and not, e.g., LDAP.

The solution is to change the file to one that uses pam_stack.so.

Version-Release number of selected component (if applicable):
1.5.5-6

How reproducible:
Always

Steps to Reproduce:
Install netatalk on a new computer.

Actual Results:  people will not be able to log in by using LDAP.

Expected Results:  I didn't expect pam to be the problem.

Additional info:

Comment 1 Charlie Bennett 2004-09-23 18:53:02 UTC
This bug has been moved to Fedora Core for investigation against the
shipping 1.6.4 version there.

Comment 2 lars 2005-01-02 15:40:09 UTC
I just got bit by this one.

It's now 2005 and this bug (posted in *April* of 2003) still exists -- come on
guys, just replace pam.d/netatalk!  pam.d/sshd is an excellent template.

Here, look, I'll attach the configuration file to this bug report.  Just save it
and rebuild the rpm and we'll all be happy.

Comment 3 lars 2005-01-02 15:41:44 UTC
Created attachment 109235
A pam configuration for netatalk that uses system-auth

Comment 4 Jason Vas Dias 2005-06-16 23:35:38 UTC
Sorry for the delay in processing this bug - the previous maintainer
of netatalk has moved on.
PAM configuration files are meant to be configured by the system
administrator to suit local policies.
If your local policy is to allow LDAP or NIS users to use netatalk,
then you have been able to configure netatalk accordingly.
I'm not sure that your modifications to pam.d/netatalk should be
the default for all users. The new authentication policy would
need extensive testing to ensure that no password data can be
leaked.
I've included it in the next release of netatalk, 2.0.3-2, in
/usr/share/doc/netatalk-2.0.3/config.example/, along with
netatalk.pamd.shadow.

Even if it were the default in the RPM, it would not replace
/etc/pam.d/netatalk during upgrade because this file is marked
%config(noreplace) in the spec file, as it is meant to be user
configurable.

I'm currently testing your pam.d/netatalk file on my netatalk
installation and will make it the default pam.d/netatalk file
in future releases if it causes no problems and if the upstream 
maintainers agree to making it the default.
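
An added example, not part of this bug thread or of the netatalk package: a small Python audit that reports, per PAM management group, whether a service file hands control to the shared `system-auth` stack or only calls modules directly. It goes slightly beyond the `pam_stack.so` form named in the report by also recognising the `include`/`substack` controls; the function names are hypothetical and both sample files are constructed.

```python
import re
import sys

MGMT = ("auth", "account", "password", "session")

def parse_pam(text):
    """Yield (type, control, module, args) for each rule in a PAM service file."""
    text = text.replace("\\\n", " ")          # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments, incl. "#%PAM-1.0"
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if m and m.group(1) in MGMT:
            yield m.group(1), m.group(2), m.group(3), m.group(4).split()

def audit_service(text, shared="system-auth"):
    """Map each management group to 'delegated', 'local-only' or 'missing'."""
    result = dict.fromkeys(MGMT, "missing")
    for kind, control, module, args in parse_pam(text):
        via_stack = module.endswith("pam_stack.so") and f"service={shared}" in args
        via_include = control in ("include", "substack") and module == shared
        if via_stack or via_include:
            result[kind] = "delegated"
        elif result[kind] == "missing":
            result[kind] = "local-only"
    return result

def ignores_shared_stack(text, shared="system-auth"):
    """True when the auth group never reaches the shared stack."""
    return audit_service(text, shared)["auth"] != "delegated"

# Constructed samples for illustration; not the files shipped by any package.
LOCAL_ONLY = """#%PAM-1.0
auth     required  pam_unix.so
account  required  pam_unix.so
session  required  pam_unix.so
"""
STACKED = """#%PAM-1.0
auth     required  pam_stack.so service=system-auth
auth     required  pam_nologin.so
account  required  pam_stack.so service=system-auth
session  required  pam_stack.so service=system-auth
"""

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path) as fh:
            print(path, audit_service(fh.read()))
```

Run it against the installed files under /etc/pam.d rather than the package contents, since a file marked %config(noreplace) keeps whatever an earlier install left in place.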

