current-users: Re: =?ISO-8859-1?Q?Re:

Subject: Re: =?ISO-8859-1?Q?Re:_lib/30923?=
To: Zafer Aydogan <zafer@gmx.org>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: current-users
Date: 08/24/2005 13:27:10
On Dec 10,  4:25am, "Zafer Aydogan" wrote:
}
} I wonder why lib/30923 is still open in 3.99.8
} A patch was provided.

     Don't know, guess Christos was too busy or my message went
astray.  I tried sending a copy to gnats-bugs, but for whatever reason
it didn't get appended to the PR.

} This should be pulled up to 2.1, where the same problem is far more explicit
} and tells me that root login is refused for root, when supplied with the
} correct root passwort.

     2.1 doesn't have PAM so its problem is completely different.
Anyways, here's a patch for 2.1:

--- login.c.orig        2005-08-24 13:07:05.000000000 -0700
+++ login.c     2005-08-24 13:08:30.000000000 -0700
@@ -503,9 +503,7 @@
                 * but with insecure terminal, refuse the login attempt.
                 */
                if (pwd && !rval && rootlogin && !rootterm(tty)) {
-                       (void)fprintf(stderr,
-                           "%s login refused on this terminal.\n",
-                           pwd->pw_name);
+                       (void)printf("Login incorrect\n");
                        if (hostname)
                                syslog(LOG_NOTICE,
                                    "LOGIN %s REFUSED FROM %s ON TTY %s",

I don't know whether this is considered to be a problem though, since
it is consistent with traditional Unix behaviour.

} > Von: jnemeth@victoria.tc.ca (John Nemeth)
} > Kopie: zafer@gmx.org, christos@netbsd.org
} 
} >      When you don't have telnetd do authenication, then it calls
} > /usr/bin/login to do it, making login the guilty party here.  When
} > login gets PAM_AUTH_ERROR from pam_authenticate(), it simply prints
} > "Login incorrect" and loops back for another try.  When it gets
} > PAM_AUTH_ERROR (or just about any other error) from pam_acct_mgmt(), it
} > calls a PAM_END macro,  This macro makes a syslog entry with the the
} > information from pam_strerror(), calls warnx() with same, and exits
} > after a five second delay.  The solution is to treat PAM_AUTH_ERROR
} > >from pam_acct_mgmt() the same as from pam_authenticate().  Here is a
} > patch:
} > 
} > --- login_pam.c.orig    2005-08-11 03:46:45.000000000 -0700
} > +++ login_pam.c 2005-08-11 03:48:27.000000000 -0700
} > @@ -388,6 +388,12 @@
} >                                         PAM_END("pam_chauthtok");
} >                                 break;
} > 
} > +                       case PAM_AUTH_ERR:
} > +                       case PAM_USER_UNKNOWN:
} > +                       case PAM_MAXTRIES:
} > +                               auth_passed = 0;
} > +                               break;
} > +
} >                         default:
} >                                 PAM_END("pam_acct_mgmt");
} >                                 break;
} > 
}-- End of excerpt from "Zafer Aydogan"