Bug#: 216321
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: carsten schiemann <carsten.schiemann@gmx.net>

Description:   Opened: 2008-04-05 13:16 0000
With the new pam file I can log in as user or root without the right password.
Login succeeds with a wrong password as well as no password at all.
sys-apps/qingy-0.9.6-r2
sys-libs/pam-0.99.10.0

Reproducible: Always

Steps to Reproduce:
1. install qingy-0.9.6-r2 and update the pam file
2. insert a valid user name 
3. press enter

Actual Results:  
login succeeds

Expected Results:  
login fails and tells wrong username/password

------- Comment #1 From Robert Buchholz 2008-04-05 13:19:34 0000 -------
Gotta run, can someone from pam/base advise here?

------- Comment #2 From Diego E. 'Flameeyes' Pettenò 2008-04-05 13:35:30 0000 -------
I've added an -r3 with the _correct_ pam.d file I suggested. It has ~ppc
dropped because PPC didn't keyword pambase yet.

------- Comment #3 From Michele Noberasco 2008-04-05 15:17:52 0000 -------
(In reply to comment #2)
> I've added an -r3 with the _correct_ pam.d file I suggested. It has ~ppc
> dropped because PPC didn't keyword pambase yet.
Actually, in bug #210829 you advised me to use the pamfile from shadow
4.0.18.2, which is (unless I got it wrong) what I used in -r2. Thus, what pam
file can be actually used with currently stable pam base?

------- Comment #4 From Diego E. 'Flameeyes' Pettenò 2008-04-05 15:23:24 0000 -------
You got the one in the sources of shadow which is not what shadow uses. I meant
the one that shadow _installed_, which is nowhere near what you used for -r2
(which basically allows almost everything).

I've made -r3 use pambase which is what latest shadow uses (it was created so
that local login systems like qingy have no need to guess what exactly to use).
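
Added example, not part of the original comment and not code from qingy, shadow or pambase: a heuristic audit of the `auth` lines of a pam.d service file that flags a stack in which an always-succeeding module is reachable before any blocking check, the kind of file that accepts any password. The thread does not show the -r2 file, so all three sample files are constructed, and the include target name `system-local-login` is an assumption.

```python
import re

# Modules that succeed without checking a credential.
ALWAYS_OK = {"pam_permit.so"}
# Controls under which a module's failure fails the whole stack.
BLOCKING = {"required", "requisite"}
AUTH_LINE = re.compile(r"-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def audit_auth_stack(text):
    """Return (lineno, message) findings for the auth lines of a pam.d file."""
    findings, guarded = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = AUTH_LINE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        control, module = m.group(1), m.group(2).rsplit("/", 1)[-1]
        if control in ("include", "substack"):
            # Delegated to another file; not followed here, and assumed
            # (not verified) to contain a blocking check.
            findings.append((lineno, f"delegates to '{module}': audit that file"))
            guarded = True
        elif module in ALWAYS_OK:
            if not guarded and control in BLOCKING | {"sufficient"}:
                findings.append((lineno, f"{module} reachable with no blocking "
                                         "check before it: any password passes"))
        elif control in BLOCKING:
            guarded = True  # a failed credential check here fails the stack
    return findings

# Constructed samples; none of them is the qingy -r2 or -r3 file.
PERMISSIVE = """\
# failure of a 'sufficient' module is ignored, then pam_permit succeeds
auth       sufficient   pam_unix.so
auth       required     pam_permit.so
account    required     pam_unix.so
"""
STRICT = """\
auth       required     pam_unix.so
auth       required     pam_permit.so
"""
DELEGATED = """\
# include target name is assumed
auth       include      system-local-login
account    include      system-local-login
"""

if __name__ == "__main__":
    for name in ("PERMISSIVE", "STRICT", "DELEGATED"):
        print(name, audit_auth_stack(globals()[name]))
```

The check does not follow `include` or `substack` into other files and does not interpret bracketed controls such as `[success=1 default=ignore]`, so a clean result is not proof that the stack is safe.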

------- Comment #5 From Robert Buchholz 2008-04-06 12:16:34 0000 -------
I understand this is fixed with -r3, thanks.

I'd urge you to remove the -r2 version from the tree though. However, this
would mean a keyword downgrade for ~ppc. I'm pulling them into cc in case they
want to complain about that.

Btw, I haven't found any open bug requesting keywords from ppc (for instance
bug 212437). Is that intentional? Since a lot of packages are moving to pambase
support, what are the implications of that for ppc?

------- Comment #6 From Robert Buchholz 2008-04-06 12:18:35 0000 -------
Ohh, further research brought up bug 210777.

ppc, are you ok with downgrading until that bug is taken care of?

------- Comment #7 From Tobias Scherbaum 2008-04-06 20:21:50 0000 -------
(In reply to comment #6)
> Ohh, further research brought up bug 210777.
> 
> ppc, are you ok with downgrading until that bug is taken care of?
> 

I guess we won't have a choice on that for now ...

------- Comment #8 From SpanKY 2008-04-06 22:24:43 0000 -------
ppc really needs to just keyword pambase and stop holding things up

------- Comment #9 From Tobias Scherbaum 2008-04-12 17:34:41 0000 -------
~ppc'd -r3

------- Comment #10 From Michele Noberasco 2008-04-14 07:26:28 0000 -------
(In reply to comment #4)
> You got the one in the sources of shadow which is not what shadow uses. I meant
> the one that shadow _installed_, which is nowhere near what you used for -r2
> (which basically allows almost everything).
Actually, I used what I found installed in /etc/pam.d/shadow, and I certainly
never mangled with that.

> I've made -r3 use pambase which is what latest shadow uses (it was created so
> that local login systems like qingy have no need to guess what exactly to use).
Good.

Removed broken -r2 revision.
-r1, outdated as it may be, can stay until pambase goes stable.

This can be closed for me...

------- Comment #11 From Robert Buchholz 2008-04-14 15:39:51 0000 -------
Thank you.
