Re: VRDP not working after upgrading to 5.1
Posted: 20. Dec 2016, 20:31
@socratis - I will, but I wanted to give a little time to both make sure no immediate bugs popped up and see if anyone else here wanted to try it out.
@frank - it should work if you run your VM as the same user you want to authenticate using external auth, but pam_unix explicitly drops priviliges when a non-root user attempts to authenticate someone else. This words on some distros (e.g. debian) where /etc/shadow is owned by the shadow group and unix_chkpwd runs as sgid shadow, since it only checks UID privs, not GID. But on distros that don't do the (e.g., RH-based) it won't work. In fact, RHEL/CentOS 7 explicitly set /etc/shadow to root:root 000 to prevent anyone but root from reading it, thus the need to work around it.
It's definitely not a universal issue, and I already have some ideas for how to make my solution better, which I'll probably do before I update the bug report.
@frank - it should work if you run your VM as the same user you want to authenticate using external auth, but pam_unix explicitly drops priviliges when a non-root user attempts to authenticate someone else. This words on some distros (e.g. debian) where /etc/shadow is owned by the shadow group and unix_chkpwd runs as sgid shadow, since it only checks UID privs, not GID. But on distros that don't do the (e.g., RH-based) it won't work. In fact, RHEL/CentOS 7 explicitly set /etc/shadow to root:root 000 to prevent anyone but root from reading it, thus the need to work around it.
It's definitely not a universal issue, and I already have some ideas for how to make my solution better, which I'll probably do before I update the bug report.