Bug 4460 - lsh-pam-checkpw does not do PAM account validation
Summary: lsh-pam-checkpw does not do PAM account validation
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VSM Server (show other bugs)
Version: 3.4.0
Hardware: PC Unknown
: P2 Critical
Target Milestone: 4.0.0
Assignee: Peter Åstrand
Keywords: ossman_tester
Depends on:
Reported: 2012-11-06 15:35 CET by Peter Åstrand
Modified: 2012-11-28 12:44 CET (History)
0 users

See Also:
Acceptance Criteria:


Description Peter Åstrand cendio 2012-11-06 15:35:33 CET
It turns out that even though an account is disabled (ie through LDAP shadowExpire etc), you can create a TL session via tlclient.cgi. This because lsh-pam-checkpw does not do any account validation. We should call pam_acct_mgmt, but we are not.
Comment 1 Peter Åstrand cendio 2012-11-06 15:57:28 CET
Fixed in 26134.
Comment 2 Pierre Ossman cendio 2012-11-08 13:04:57 CET
Works. Tested on RHEL 6.

Note You need to log in before you can comment on or make changes to this bug.