https://bugs.kde.org/show_bug.cgi?id=458540
David Edmundson <k...@davidedmundson.co.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WAITINGFORINFO
             Status|REPORTED                    |NEEDSINFO
                 CC|                            |k...@davidedmundson.co.uk

--- Comment #6 from David Edmundson <k...@davidedmundson.co.uk> ---
>Our distro uses tcb with users have their own /etc/tcb/<user>/shadow
>As of consequence, password checker has to be in chkpwd group with sgid bit
>set.

Are you sure?

Looking at TCB code (support.c) it has an explicit path for when we're not running as root.

```
    if (uid == geteuid() && uid == pw->pw_uid && uid != 0) {
        /* We are not root perhaps this is the reason? */
        D(("running helper binary"));
        retval = unix_run_helper_binary(user, pass);
```

Which from the Makefile seems to invoke $(LIBEXECDIR)/chkpwd/tcb_chkpwd

That matches 1:1 how pam_unix works in this situation and why I ported away from kcheckpass as a helper binary, as good pam modules provide their own helper binary implementation anyway and we were just duplicating that.

If this is not working correctly that would lean towards a TCB bug or a setup issue.

I can provide a simpler pam test case that runs as a regular user if that's useful in diagnosing the issue.