4460 – lsh-pam-checkpw does not do PAM account validation

Bug 4460 - lsh-pam-checkpw does not do PAM account validation

Summary: lsh-pam-checkpw does not do PAM account validation

Status:	CLOSED FIXED

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	VSM Server (show other bugs)
Version:	3.4.0
Hardware:	PC Unknown

Importance:	P2 Critical
Target Milestone:	4.0.0
Assignee:	Peter Åstrand

URL:
Keywords:	ossman_tester

Depends on:
Blocks:

Reported:	2012-11-06 15:35 CET by Peter Åstrand
Modified:	2012-11-28 12:44 CET (History)
CC List:	0 users

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Peter Åstrand cendio

2012-11-06 15:35:33 CET

It turns out that even though an account is disabled (ie through LDAP shadowExpire etc), you can create a TL session via tlclient.cgi. This because lsh-pam-checkpw does not do any account validation. We should call pam_acct_mgmt, but we are not.

Comment 1 Peter Åstrand cendio

2012-11-06 15:57:28 CET

Fixed in 26134.

Comment 2 Pierre Ossman cendio

2012-11-08 13:04:57 CET

Works. Tested on RHEL 6.

Note You need to log in before you can comment on or make changes to this bug.