search

txdv / mod-auth-external

Automatically exported from code.google.com/p/mod-auth-external
0 stars 0 forks source link

checkpassword method appears to be broken in 3.2.x version #1

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

1. install mod_authnz_external 3.2.x version
2. configure external authenticator to use the checkpassword method
3. attempt to authenticate with checkpassword compatible authenticator
(like vcheck).

What is the expected output? What do you see instead?

Expected login when correct credentials are entered.

What version of the product are you using? On what operating system?

3.2.x versions, on CentOS.  3.1.x on same system seems fine.

Please provide any additional information below.

What seems to be happening is that the user and password are being sent in
on descriptor 0, not 3 like it should be.

Original issue reported on code.google.com by mdetr...@gmail.com on 4 Nov 2009 at 10:28

GoogleCodeExporter commented 9 years ago 
This bug was fixed in the 3.2.5 release.  Thanks for pointing it out.

Original comment by j...@unixpapa.com on 7 Jan 2010 at 5:35

GoogleCodeExporter commented 9 years ago 
still having this problem using checkpassword-pam, from the command line it 
works correctly with the sample from the man page at 
http://checkpasswd-pam.sourceforge.net/checkpassword-pam.8.html:

echo -e "username\0password\0timestamp\0" \
         | checkpassword-pam -s login \
           --debug --stdout -- /usr/bin/id 3<&0

Original comment by marcello.teodori on 28 Oct 2010 at 12:04

GoogleCodeExporter commented 9 years ago 
using 3.2.5 on Apache/2.2.3, CentOS release 5.5

Original comment by marcello.teodori on 28 Oct 2010 at 12:06

GoogleCodeExporter commented 9 years ago 
Same thing happens with 3.2.6 :-(

Apache Log tells:

[Thu Dec 15 14:41:34 2011] [error] [client 10.1.3.3] AuthExtern checkpassword 
[/usr/bin/sudo /usr/local/bin/checkpassword_auth -s login -H --noenv --debug 
--stdout -- /bin/true]: Failed (1) for user user001
[Thu Dec 15 14:41:34 2011] [error] [client 10.1.3.3] user user001: 
authentication failure for "/phpinfo.php": Password Mismatch

/etc/sudoers is set:
apache  ALL=(ALL)       NOPASSWD:/usr/local/bin/checkpassword_auth

/usr/local/bin/checkpassword_auth has:

#!/bin/bash
exec /usr/bin/checkpassword-pam "$@" 3<&0

From commandline as stated by marcello it is working.

httpd -V
Server version: Apache/2.2.15 (Unix)
Server built:   Apr  9 2011 08:58:28
Server's Module Magic Number: 20051115:24
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)

Original comment by t...@tiri.li on 15 Dec 2011 at 1:50

GoogleCodeExporter commented 9 years ago 
This is still a problem with 3.2.6

Original comment by T...@RockyMountainStreams.com on 27 Jan 2014 at 9:21