[Dovecot] PAM_USER falsely assumed immutable
Timo Sirainen
tss at iki.fi
Wed Jul 22 21:13:39 EEST 2009

On Wed, 2009-07-22 at 14:04 -0400, Aaron Richton wrote:
> In 1.2.1 there's:
>
> passdb-pam.c:230 status = pam_get_item(pamh, PAM_USER, &item);
> passdb-pam.c:237 auth_request_set_field(request, "user", item, NULL);
>
> so "item" is PAM_USER, which is then checked by auth_request_set_field:
>
> 1022 if (strcmp(request->user, value) != 0) {
> 1023 auth_request_log_debug(request, "auth",
> 1024 "username changed %s -> %s",
> 1025 request->user, value);
>
> that it hasn't changed.
>
> You're not allowed to assume that PAM_USER doesn't change.

I'm not really sure why you think that's wrong. The code is there
exactly for the reason that if PAM changes the username, Dovecot will
notice it and start using it.

Do you have some PAM plugin that changes the username and you don't want
it to be changed?
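
The behaviour described in the reply above (re-read PAM_USER after authentication and adopt it if it differs), as an added example that is not Dovecot's code and not part of the original message. struct auth_req and adopt_pam_user are hypothetical names; item stands for the pointer that pam_get_item(pamh, PAM_USER, &item) returned.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an auth request; not Dovecot's struct. */
struct auth_req {
    char *user;          /* current login name, heap-allocated */
    char *original_user; /* first name seen, kept for audit after a rewrite */
};

enum adopt_result { ADOPT_ERROR = -1, ADOPT_UNCHANGED = 0, ADOPT_CHANGED = 1 };

/* item: the pointer pam_get_item(pamh, PAM_USER, &item) returned after a
 * successful pam_authenticate(). libpam owns that string, so it is copied
 * here and never stored or freed. */
static enum adopt_result adopt_pam_user(struct auth_req *req, const void *item)
{
    const char *pam_user = item;
    size_t len;
    char *copy;

    /* Assumption of this example: an empty or missing name fails closed. */
    if (pam_user == NULL || *pam_user == '\0')
        return ADOPT_ERROR;
    if (strcmp(req->user, pam_user) == 0)
        return ADOPT_UNCHANGED;

    len = strlen(pam_user) + 1;
    if ((copy = malloc(len)) == NULL)
        return ADOPT_ERROR;
    memcpy(copy, pam_user, len);

    fprintf(stderr, "auth: username changed %s -> %s\n", req->user, pam_user);
    if (req->original_user == NULL)
        req->original_user = req->user; /* keep what the client sent */
    else
        free(req->user);
    req->user = copy;
    return ADOPT_CHANGED;
}

int main(void)
{
    struct auth_req req = { NULL, NULL };
    req.user = malloc(6);
    if (req.user == NULL) return 1;
    memcpy(req.user, "Alice", 6);           /* constructed sample login name */
    return adopt_pam_user(&req, "alice") == ADOPT_CHANGED ? 0 : 1;
}
```

Every later step (account checks, home directory lookup, logging) should read req->user after this call, with original_user retained only for audit.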