misc/140514: PAM can give PAM_SUCCESS when infact it should give
pajs at fodder.org.uk
Thu Nov 12 22:00:08 UTC 2009
>Synopsis: PAM can give PAM_SUCCESS when infact it should give PAM_CRED_INSUFFICIENT
>Arrival-Date: Thu Nov 12 22:00:06 UTC 2009
>Originator: Peter Saunders
>Release: FreeBSD 8.0-RC1 i386
System: FreeBSD 8.0-RC1 FreeBSD 8.0-RC1 #2: Mon Oct 5 17:18:42 BST 2009 i386
System: FreeBSD 6.2-RELEASE-p3 FreeBSD 6.2-RELEASE-p3 #2: Sun Apr 1 14:43:00 BST 2007 i386
If an application is not running as root, and the pam stack has pam_unix it, and has the nullok option set
it will always return PAM_SUCCESS for any password given on a valid user name. This is related to 126650
which was filed as not a bug - however, it did not mention that applications could also be given
PAM_SUCCESS for incorrect passwords.
Have an application use pam as non root, with nullok set.
Unknown as detailed in 126650.
More information about the freebsd-bugs