mirror of https://github.com/xcat2/confluent.git synced 2025-01-18 05:33:17 +00:00

Change PAM behavior for authorization

Previously, any PAM result was treated as good.  This isn't
actually of practical value, since we need a user object to
really do authorization.  Change strategy to give pam a chance
to deny anyone, but require the user to exist in confluent
even if pam says the user is a valid one.
Jarrod Johnson 2015-02-03 11:04:32 -05:00
parent ae1e3f2b8d
commit a009f4c6d1


@ -160,7 +160,7 @@ def check_user_passphrase(name, passphrase, element=None, tenant=False):
pammy.authenticate()
pammy.acct_mgmt()
del pammy
return authorize(user, element, tenant, skipuserobj=True)
return authorize(user, element, tenant, skipuserobj=False)
except PAM.error:
if credobj.haspam:
return None
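
Review bot: The changed line `return authorize(user, element, tenant, skipuserobj=False)` now relies on authorize() to reject a user that PAM accepted but confluent does not know, while the only handler visible in this hunk is `except PAM.error:`. Please confirm that authorize() returns a denial value for a missing user object and does not raise an exception this block will not catch. A short comment at that line stating that PAM success alone no longer authorizes, plus a test for the PAM-valid but confluent-unknown case, would keep the intent from being reverted later. Separately, `del pammy` only runs on the success path, so a failure in `authenticate()` or `acct_mgmt()` skips it; if the handle needs explicit release, move the cleanup to a `finally`.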