Thanks for replying.
> I don't understand. Are you suggesting that the user is present in both the
> NIS map *and* in /etc/passwd? Why would you do that?
No, I am not. In my configuration the user is defined in passwd and shadow
files on NIS SERVER. On the NIS client (debian lenny) nsswitch.conf
file I have the entries:
passwd: files nis
shadow: files nis
When pam_unix.so queries the NIS database as a regular user,
the password field is substituted by the "x" character, which is
present in the /etc/passwd of the NIS SERVER (as stated in the
passwd(5) and pwconv(8) man entry). I downloaded pam_1.0.1-5+lenny1 debian
sources, compiled with --enable-debug configure option, created the
/var/log/pam-debug.log file with perms 666 to verify the behaviour,
which is also reproduced by the ypmatch user passwd command.
In this way, the above mentioned line 167 of passverify.c evaluates to
FALSE and the unix_chkpwd helper is not invoked, resulting in an
authorization denied even if the correct password is typed.
I presently modified the "if" statement as follows:
if (strcmp((*pwd)->pw_passwd, "*NP*") == 0 ||
strcmp((*pwd)->pw_passwd, "x") == 0)
and now the authorization is granted.
Thanks for your help,
Stefano
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
