2015-03-24 01:39:37 |
David Leonard |
description |
When authenticating some users, tac_plus will check system passwords, and crash of the account is disabled.
To reproduce: set the system password (/etc/shadow) of a tac+ authenticated user to "!"; then try authenticating from a remote client (in my case with pam_tacplus); the tac_plus server will fault inside strcmp; first parameter passwd to strcmp is (NULL, ...) because crypt(,"!") returned NULL.
Patch attached. |
When authenticating some users, tac_plus will check system passwords, and crash if the account is disabled.
To reproduce: set the system password (/etc/shadow) of a tac+ authenticated user to "!"; then try authenticating from a remote client (in my case with pam_tacplus); the tac_plus server will fault inside strcmp; first parameter passwd to strcmp is (NULL, ...) because crypt(,"!") returned NULL.
Patch attached. |
|