| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Don't use the PAM handle before it's initialized or after it's freed
(static analysis).
|
|
|
|
|
|
| |
The server's mainline code doesn't appear to log successful
authentication beyond what already shows up in the access log, so we
should probably behave ourselves.
|
| |
|
|
|
|
|
|
|
| |
Use a dummy user name if the one we get passed is NULL, which happens
when the bind target entry doesn't contain a "uid" attribute. Try to
avoid a timing attack by calling into PAM anyway. Switch to just
logging the detailed error information, and telling the client nothing.
|
|
|
|
|
|
|
| |
Don't bother to fetch the full set of request controls, since we don't
do anything with them. Merge what's left of backend_sch_do_pam_auth()
and do_pam_auth(). Separate the concoct-an-error-message logic out into
a helper that we call after both pam_authenticate() and pam_acct_mgmt().
|
| |
|
|
src/back-sch-pam.c implements PAM authentication for users not found in
the LDAP tree using system-auth system service when running on FreeIPA
master server.
|