Hello.
When attempting use pam with conserver, I noticed that conserver was
sending multiple authentications to PAM. As our security policy mandates
one-time authentication tokens (rsa), multiple authentications using the
same password fail.
Poking around in the code I identified 4 places where CheckPasswd() is
called.
master.c:464 (CheckPasswd(pCLServing, pCLServing->accmd->string,
FLAGFALSE) != AUTH_SUCCESS)
master.c:568 (CheckPasswd(pCLServing, "", FLAGTRUE) == AUTH_SUCCESS)
group.c:3389 (CheckPasswd(pCLServing, pCLServing->accmd->string,
FLAGFALSE) != AUTH_SUCCESS)
group.c:3495 (CheckPasswd(pCLServing, "", FLAGTRUE) == AUTH_SUCCESS)
When connecting from a remote client, it seems the authentication code
in master.c is called and then the authentication code in group.c is called.
Would it be possible to call CheckPasswd() once, store the result in a
global variable, and then pass that global variable to each of the
conditional statements?
Additionally, it would appear that the if statement
(CheckPasswd(pCLServing, "", FLAGTRUE) == AUTH_SUCCESS) at master.c:568
and group.c:3495 will never evaluate true. As I understand the code, the
second variable passed into CheckPasswd should be the user password and
in this case, this is blank. The CheckPasswd function doesn't do
anything special with a blank password.
My c knowledge in nearly non-existent and therefore my grasp of the
authentication code is poor. I don't know the difference between
master.c and group.c and why authentication is happening in both
master.c and group.c.
Thank you,
Matthew Gyurgyik
--
Matthew Gyurgyik
HPC System Administrator
National Center for Computational Sciences
Oak Ridge National Laboratory
865-576-7099
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users
When attempting use pam with conserver, I noticed that conserver was
sending multiple authentications to PAM. As our security policy mandates
one-time authentication tokens (rsa), multiple authentications using the
same password fail.
Poking around in the code I identified 4 places where CheckPasswd() is
called.
master.c:464 (CheckPasswd(pCLServing, pCLServing->accmd->string,
FLAGFALSE) != AUTH_SUCCESS)
master.c:568 (CheckPasswd(pCLServing, "", FLAGTRUE) == AUTH_SUCCESS)
group.c:3389 (CheckPasswd(pCLServing, pCLServing->accmd->string,
FLAGFALSE) != AUTH_SUCCESS)
group.c:3495 (CheckPasswd(pCLServing, "", FLAGTRUE) == AUTH_SUCCESS)
When connecting from a remote client, it seems the authentication code
in master.c is called and then the authentication code in group.c is called.
Would it be possible to call CheckPasswd() once, store the result in a
global variable, and then pass that global variable to each of the
conditional statements?
Additionally, it would appear that the if statement
(CheckPasswd(pCLServing, "", FLAGTRUE) == AUTH_SUCCESS) at master.c:568
and group.c:3495 will never evaluate true. As I understand the code, the
second variable passed into CheckPasswd should be the user password and
in this case, this is blank. The CheckPasswd function doesn't do
anything special with a blank password.
My c knowledge in nearly non-existent and therefore my grasp of the
authentication code is poor. I don't know the difference between
master.c and group.c and why authentication is happening in both
master.c and group.c.
Thank you,
Matthew Gyurgyik
--
Matthew Gyurgyik
HPC System Administrator
National Center for Computational Sciences
Oak Ridge National Laboratory
865-576-7099
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users