[SGVLUG] On a currently patched CentOS5 host, PAM_USER not always being set

Scott Packard spackard at gmail.com
Mon May 11 10:35:00 PDT 2015


To tell you the truth I don't know about CentOS7.  It works in CentOS6,
and this morning I tried on CentOS5.11x64 dropping to runlevel 3 and
logging in via the command line and that works,
ssh works, and su - works.
I'm kind of leaning towards gdm having some issue, but I tried
starting a kde session and that didn't work either (but the front-end
login looked exactly the same).
I'll have to Google some more, as earlier I was thinking it was a bug
in pam_exec.so, but since I can get $PAM_USER via a pam_exec.so call
through the other login vectors mentioned above I'm thinking it's not
pam_exec's fault now.

Regards, Scott

On Mon, May 11, 2015 at 10:22 AM, Matthew Campbell <dvdmatt at gmail.com> wrote:
> Does this happen on CentOS 7?  It may be that this fix was not back-ported
> to 5.11 (that's fairly old now).
>
> If you apply the patch documented in the bug report does 5.1 start to work?
>
> Matt
>
> On May 9, 2015 9:38 PM, "Scott Packard" <spackard at gmail.com> wrote:
>>
>> > ssh localhost
>> $ cat /tmp/outfile
>> /usr/local/src/test.sh is running at Sat May  9 20:56:37 PDT 2015
>> PAM_SERVICE=sshd
>> PAM_RHOST=localhost.localdomain
>> PAM_USER=packard
>> PAM_TYPE=auth
>> PAM_TTY=ssh
>>
>> > gnome login
>> /usr/locaGUI l/src/test.sh is running at Sat May  9 20:58:30 PDT 2015
>> PAM_SERVICE=gdm
>> PAM_TYPE=auth
>> PAM_TTY=:0
>>
>>
>> On a CentOS5.11 x64 host, fully patched,
>> during authentication, I've shimmed a pam_exec call to a simple script
>> that
>> env | grep PAM >> /tmp/outfile
>>
>> If I'm already logged in, and ssh localhost, then PAM_USER is set,
>> but if I log out, then try logging in via GNOME, PAM_USER is not set.
>>
>>
>> This works on CentOS6 and Solaris 10x64.
>> There was a bug reported about this on an earlier pam rpm, but was fixed
>> in 2013
>> and I have the latest pam rpm, pam-0.99.6.2-12.el5, which was in at
>> least RHEL5.9.
>> Any idea why?
>> Has anyone bumped into this?
>> I thought maybe it was an anomaly on another machine so I spent time
>> tonight
>> building up a fresh CentOS5.11x64 install into virtualbox.  No change.
>>
>> Regards, Scott
>>
>



More information about the SGVLUG mailing list