-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Marc MERLIN schrieb:
> Indeed. 0.12 was the latest in my distro, but I downloaded the latest 0.18
> from packages.debian.org/testing/ and I still have the same problem
You normally don't need to use pam_mount together with su. If you do,
there unfortunately will be a prompt "reenter password" when su is
started from root. And this breaks cron jobs using the su program.
I attached a patch which gets rid of the password prompting. This might
also fix the segfault you are experiencing when using cron and su
configured for pam_mount.
Regards,
Bastian
- --
,''`. Bastian Kleineidam
: :' : GnuPG Schlüssel
`. `' gpg --keyserver wwwkeys.pgp.net --recv-keys 32EC6F3E
`-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFeIzeeBwlBDLsbz4RAmG1AJ4gRvmkqk271pENlHXEPRZa5+bmngCdHRSs
wpQ1SvJTZVh/Q/98OD1/lmE=
=MiO3
-----END PGP SIGNATURE-----
#! /bin/sh /usr/share/dpatch/dpatch-run
## 21_delay_system_auth.dpatch by <[EMAIL PROTECTED]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: When no volumes are bound to mount, don't make further efforts
## DP: and just return. This includes reading the system auth token.
## DP: Else when using pam_mount together with the su program, su will
## DP: always ask to "reenter password" when started from root. This
## DP: breaks existing cron jobs, which is not nice.
@DPATCH@
diff -urNad libpam-mount-0.18~/src/pam_mount.c libpam-mount-0.18/src/pam_mount.c
--- libpam-mount-0.18~/src/pam_mount.c 2006-08-05 16:23:15.000000000 +0200
+++ libpam-mount-0.18/src/pam_mount.c 2006-12-07 22:36:42.472385484 +0100
@@ -407,17 +407,6 @@
goto _return;
}
- ret = pam_get_data(pamh, "pam_mount_system_authtok",
- static_cast(const void **, static_cast(void *,
&system_authtok)));
- if(ret != PAM_SUCCESS) {
- l0g(PMPREFIX "error trying to retrieve authtok from auth
code\n");
- ret = read_password(pamh, "reenter password:",
&system_authtok);
- if(ret != PAM_SUCCESS) {
- l0g(PMPREFIX "error trying to read password\n");
- goto _return;
- }
-
- }
if(!readconfig(Config.user, CONFIGFILE, 1, &Config)) {
ret = PAM_SERVICE_ERR;
goto _return;
@@ -449,13 +438,26 @@
} else
w4rn(PMPREFIX "%s does not exist or is not owned by user\n",
Config.luserconf);
- if(Config.volcount <= 0)
- w4rn(PMPREFIX "no volumes to mount\n");
+ if(Config.volcount <= 0) {
+ w4rn(PMPREFIX "no volumes to mount\n");
+ goto _return;
+ }
if(!expandconfig(&Config)) {
l0g(PMPREFIX "error expanding configuration\n");
ret = PAM_SERVICE_ERR;
goto _return;
}
+ ret = pam_get_data(pamh, "pam_mount_system_authtok",
+ static_cast(const void **, static_cast(void *,
&system_authtok)));
+ if(ret != PAM_SUCCESS) {
+ l0g(PMPREFIX "error trying to retrieve authtok from auth
code\n");
+ ret = read_password(pamh, "pam_mount reenter password:",
&system_authtok);
+ if(ret != PAM_SUCCESS) {
+ l0g(PMPREFIX "error trying to read password\n");
+ goto _return;
+ }
+
+ }
w4rn(PMPREFIX "%s: real uid/gid=%ld:%ld, effective uid/gid=%ld:%ld\n",
__FUNCTION__, static_cast(long, getuid()),
static_cast(long, getgid()), static_cast(long, geteuid()),
