The following patch works around the issue:
kiko@anthem:/mondo/src/APACHE/mod_auth_pam-1.1.1$ diff -u mod_auth_pam.c-orig mod_auth_pam.c --- mod_auth_pam.c-orig 2004-08-27 15:22:01.000000000 -0300 +++ mod_auth_pam.c 2004-08-27 15:31:57.000000000 -0300 @@ -370,7 +370,7 @@ if((res = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS ) { ap_log_reason((char*)compat_pam_strerror(pamh, res), r->uri, r); - if(conf->fall_through && (res == PAM_USER_UNKNOWN)) { + if(conf->fall_through) { /* we don't know about the user, but other auth modules might do */ pam_end(pamh, PAM_SUCCESS); return DECLINED;
I say works around because we really should only fall through if the user is unknown; it does work, though.
The following patch works around the issue:
kiko@anthem: /mondo/ src/APACHE/ mod_auth_ pam-1.1. 1$ diff -u mod_auth_pam.c-orig mod_auth_pam.c e(pamh, PAM_DISALLOW_ NULL_AUTHTOK) ) != log_reason( (char*) compat_ pam_strerror( pamh, res), r->uri, r); >fall_through && (res == PAM_USER_UNKNOWN)) { >fall_through) {
pam_end( pamh, PAM_SUCCESS);
--- mod_auth_pam.c-orig 2004-08-27 15:22:01.000000000 -0300
+++ mod_auth_pam.c 2004-08-27 15:31:57.000000000 -0300
@@ -370,7 +370,7 @@
if((res = pam_authenticat
PAM_SUCCESS ) {
ap_
- if(conf-
+ if(conf-
/* we don't know about the user, but other auth modules might do */
return DECLINED;
I say works around because we really should only fall through if the user is unknown; it does work, though.