diff options
| -rw-r--r-- | CHANGELOG | 3 | ||||
| -rw-r--r-- | modules/pam_unix/support.c | 14 |
2 files changed, 12 insertions, 5 deletions
@@ -62,7 +62,8 @@ BerliOS Bugs are marked with (BerliOS #XXXX). 0.79: please submit patches for this section with actual code/doc patches! - +* pam_unix: don't log user unknown failure when he can be properly + authenticated by another module 0.78: Do Nov 18 14:48:36 CET 2004 diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 5138a875..cf01e3c2 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -698,6 +698,8 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } } else { D(("user's record unavailable")); + p = NULL; + retval = PAM_AUTHINFO_UNAVAIL; if (on(UNIX_AUDIT, ctrl)) { /* this might be a typo and the user has given a password instead of a username. Careful with this. */ @@ -705,11 +707,14 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name "check pass; user (%s) unknown", name); } else { name = NULL; - _log_err(LOG_ALERT, pamh, - "check pass; user unknown"); + if (on(UNIX_DEBUG, ctrl) || pwd == NULL) { + _log_err(LOG_ALERT, pamh, + "check pass; user unknown"); + } else { + /* don't log failure as another pam module can succeed */ + goto cleanup; + } } - p = NULL; - retval = PAM_AUTHINFO_UNAVAIL; } } else { int salt_len = strlen(salt); @@ -831,6 +836,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } } +cleanup: if (data_name) _pam_delete(data_name); if (salt) |