[Dovecot] PAM_USER falsely assumed immutable

Timo Sirainen tss at iki.fi
Wed Jul 22 21:13:39 EEST 2009


On Wed, 2009-07-22 at 14:04 -0400, Aaron Richton wrote:
> In 1.2.1 there's:
> 
> passdb-pam.c:230         status = pam_get_item(pamh, PAM_USER, &item);
> passdb-pam.c:237         auth_request_set_field(request, "user", item, NULL);
> 
> so "item" is PAM_USER, which is then checked by auth_request_set_field:
> 
> 1022                 if (strcmp(request->user, value) != 0) {
> 1023                         auth_request_log_debug(request, "auth",
> 1024                                 "username changed %s -> %s",
> 1025                                 request->user, value);
> 
> that it hasn't changed.
> 
> You're not allowed to assume that PAM_USER doesn't change. 

I'm not really sure why you think that's wrong. The code is there
exactly for the reason that if PAM changes the username, Dovecot will
notice it and start using it.

Do you have some PAM plugin that changes the username and you don't want
it to be changed?
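
An added illustration of the pattern discussed in this thread, not part of the original message and not Dovecot's code: after authentication succeeds, the name the client typed is reconciled with whatever PAM_USER holds at that point. The function name `sync_pam_user`, the `user_sync` enum and the rejection rules (empty, oversized or control-character names) are assumptions made for the example; `pam_user` stands for the value read with `pam_get_item(pamh, PAM_USER, &item)`.

```c
#include <stdio.h>
#include <string.h>

/* Result of reconciling the login name with PAM_USER (hypothetical names). */
enum user_sync { USER_UNCHANGED, USER_CHANGED, USER_REJECTED };

/*
 * requested: name the client supplied; buffer of `size` bytes, updated in place.
 * pam_user:  PAM_USER as read after pam_authenticate() succeeded; may be NULL.
 * The rejection policy below is an assumption of this example.
 */
enum user_sync sync_pam_user(char *requested, size_t size, const char *pam_user)
{
    const unsigned char *p;

    if (pam_user == NULL || *pam_user == '\0')
        return USER_REJECTED;          /* module left no usable name */
    if (strcmp(requested, pam_user) == 0)
        return USER_UNCHANGED;
    if (strlen(pam_user) >= size)
        return USER_REJECTED;          /* truncation could yield a different account */
    for (p = (const unsigned char *)pam_user; *p != '\0'; p++)
        if (*p < 0x20 || *p == 0x7f)
            return USER_REJECTED;      /* keep control bytes out of logs and paths */

    /* Same wording as the debug message quoted in the thread. */
    fprintf(stderr, "username changed %s -> %s\n", requested, pam_user);
    memcpy(requested, pam_user, strlen(pam_user) + 1);
    return USER_CHANGED;
}

int main(void)
{
    /* Constructed sample: a PAM module that lower-cases the login name. */
    char user[16] = "Alice";
    enum user_sync r = sync_pam_user(user, sizeof user, "alice");

    printf("result=%d effective user=%s\n", (int)r, user);
    return r == USER_REJECTED;
}
```

Later lookups (user database, mailbox location) should use the buffer as updated here, since that is the identity PAM actually authenticated.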