www.cendio.com
Bug 4460 - lsh-pam-checkpw does not do PAM account validation
: lsh-pam-checkpw does not do PAM account validation
Status: CLOSED FIXED
: ThinLinc
VSM Server
: 3.4.0
: PC Unknown
: P2 Critical
: 4.0.0
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2012-11-06 15:35 by
Modified: 2012-11-28 12:44 (History)
Acceptance Criteria:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2012-11-06 15:35:33
It turns out that even though an account is disabled (ie through LDAP
shadowExpire etc), you can create a TL session via tlclient.cgi. This because
lsh-pam-checkpw does not do any account validation. We should call
pam_acct_mgmt, but we are not.
------- Comment #1 From cendio 2012-11-06 15:57:28 -------
Fixed in 26134.
------- Comment #2 From cendio 2012-11-08 13:04:57 -------
Works. Tested on RHEL 6.