SSSD / sssd

Clone

5dccf76 pam: set PAM_USER properly with allow_missing_name

Authored and Committed by sbose 4 years ago
raw patch tree parent
5 files changed. 189 lines added. 32 lines removed.
src/responder/pam/pamsrv_p11.c
file modified
+29 -6
src/sss_client/pam_sss.c
file modified
+27 -15
src/tests/cmocka/test_pam_srv.c
file modified
+24 -9
src/tests/intg/Makefile.am
file modified
+8 -1
src/tests/intg/test_pam_responder.py
file modified
+101 -1 
    pam: set PAM_USER properly with allow_missing_name
    
    Currently if the allow_missing_name pam_sss option is used PAM_USER is
    set to the fully-qualified name only for the files provider it is set to
    the short name. This might cause issue with other components expecting
    that the value of PAM_USER corresponds to the name returned by the nss
    calls getpwnam() and getpwuid().
    
    With this patch PAM_USER is set to the same user name as returned by the
    NSS responder. For the communication between pam_sss and SSSD's PAM
    responder the fully-qualified name is kept.
    
    Related to https://pagure.io/SSSD/sssd/issue/4069
    
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
file modified
+29 -6
file modified
+27 -15
file modified
+24 -9
file modified
+8 -1
file modified
+101 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.