Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#75647 - [pambase] unknown usernames are logged (due to pam_shells.so), exposing accidentally typed passwords
Attached to Project:
Arch Linux
Opened by Jonathan Krebs (thejonny) - Thursday, 18 August 2022, 18:21 GMT
Last edited by Toolybird (Toolybird) - Friday, 19 August 2022, 04:14 GMT
Opened by Jonathan Krebs (thejonny) - Thursday, 18 August 2022, 18:21 GMT
Last edited by Toolybird (Toolybird) - Friday, 19 August 2022, 04:14 GMT
|
DetailsDescription:
even if `LOG_UNKFAIL_ENAB no` is in `/etc/login.def`, `login` logs unknown usernames on a fresh archlinux installation. This is caused by pam_shells in `/etc/pam.d/system-login`, which returns `PAM_AUTH_ERR` for unknown users, instead of `PAM_USER_UNKOWN`. Is `pam_shells` any good for programs apart from `chsh`? (This is especially painful, if the password is the passphrase for an encrypted home on an unencrypted root.) Additional info: * package version(s): pambase 20211210-1 * config and/or log files etc. * link to upstream bug report, if any: * I reported the issue also in https://github.com/linux-pam/linux-pam/issues/483 Steps to reproduce: |
This task depends upon