pam_unix returns incorrect return value when not run as root

This is confirmed

I've hit this bug when developing an application validating users using PAM; even when you make a /etc/pam.d/something file that uses the dummty "allow everything" module, PAM insists on trying to read /etc/shadow for some reason. If and when you run the application as root (or as a user in the "shadow"-group) no such problem exists.

The postgresql-folks seem to have hit this as well: http://archives.postgresql.org/pgsql-advocacy/2003-05/msg00058.php

(I did cook up some minimal files using Python-PAM to illustrate this, but unfortunately I got a little over-zealous cleaning up my code last week. No VCS-checkins as well. Æv.)

Jerome, could you check whether this is still an issue with pam 1.0.1, now in intrepid? I believe that a recent code refactor upstream means that the return values will be the same when running as root or as a user.

msiebuhr, you appear to be describing a separate issue. PAM does *not* read /etc/shadow except when configured to use the pam_unix module, so it sounds like you have a configuration error.

Jerome, I'm sure you're out there, I just saw you on #multiarch ;) Can you please comment whether this is still an issue with current versions of pam_unix?

[Expired for pam (Ubuntu) because there has been no activity for 60 days.]

Hello,

I'm using oneiric 11.10 ; i face the same issue, logins work fine, but gnome-screensaver does not; in the auth logs i get a message saying:

Aug 20 20:31:37 hostname unix_chkpwd[17080]: check pass; user unknown
Aug 20 20:31:40 hostname unix_chkpwd[17081]: check pass; user unknown
Aug 20 20:31:40 hostname unix_chkpwd[17081]: password check failed for user (usernameX)
Aug 20 20:31:40 hostname gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=10013 euid=10013 tty=:0.0 ruser= rhost= user=usernameX
Aug 20 20:31:51hostname ccreds_chkpwd[17095]: error reading cached credentials