Date: Sat, 14 Jun 2003 16:00:23 -0700 (PDT)
Message-Id: <200306142300.h5EN0NDd081853@freefall.freebsd.org>
To: freebsd-i386@FreeBSD.org
From: Dag-Erling Smorgrav
Subject: Re: i386/53324: pam_group problems (PAM_RUSER used instead of PAM_USER)

The following reply was made to PR i386/53324; it has been noted by GNATS.

From: Dag-Erling Smorgrav
To: Kamen@edelweiss.dyns.cx Cc: "Angelov writes:

> I believe this is a problem with pam_group itself: the module reads
> the PAM_RUSER field instead of PAM_USER when trying to fetch the
> username of the user. I believe PAM_USER would be the correct field
> to read in this context.

No. PAM_RUSER is the applicant, PAM_USER is the user you're trying to
log in as. The purpose of pam_group(8) is to check that the applicant
is in the correct group. The correct solution to your problem would be
to make pam_group(8) understand the auth_as_self flag, not to blindly
change PAM_RUSER to PAM_USER.

> When PAM_RUSER is replaced with PAM_USER all warnings disappear and
> everything seems to work as expected.

Except for su(1), which is what pam_group(8) is intended for.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org
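
The distinction drawn in the reply above, as an added example that is not part of the original message and is not pam_group's source: a small C model of a group check run against the applicant (PAM_RUSER) and against the target account (PAM_USER) for an su(1)-style request. The struct, the function names, the user names, the group membership list and the choice to deny when an item is unset are all assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: members of the group the check requires. */
static const char *const wheel_members[] = { "root", "alice", NULL };

/* Hypothetical stand-in for the two PAM items discussed in the reply. */
struct pam_items {
    const char *ruser; /* PAM_RUSER: the applicant (who is asking) */
    const char *user;  /* PAM_USER: the account being logged in to */
};

static int in_group(const char *name, const char *const *members)
{
    if (name == NULL)
        return 0; /* item not set: this model denies (assumption) */
    for (; *members != NULL; members++)
        if (strcmp(name, *members) == 0)
            return 1;
    return 0;
}

/* Check as described in the reply: the applicant must be in the group. */
int check_applicant(const struct pam_items *it)
{
    return in_group(it->ruser, wheel_members);
}

/* The substitution proposed in the PR: test the target account instead. */
int check_target(const struct pam_items *it)
{
    return in_group(it->user, wheel_members);
}

int main(void)
{
    /* Constructed su(1)-style requests: both applicants ask to become root. */
    const struct pam_items reqs[] = { { "alice", "root" }, { "mallory", "root" } };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%s -> %s: applicant check=%d, target check=%d\n",
               reqs[i].ruser, reqs[i].user,
               check_applicant(&reqs[i]), check_target(&reqs[i]));
    return 0;
}
```

With the target-account check, the result no longer depends on who is asking, so the group restriction stops constraining su(1) in this model.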