-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Function pam.read_file is not available? #20809
Comments
Thanks for the report @lorengordon. I am not very familiar with the particulars of the pam module, but it looks like @techhat can perhaps comment on your question here. |
@lorengordon Apologies for never circling back around to your question. I think this restriction was just one way to check if pam is installed when the module was first written. If there are other file paths that would expose the installation of pam, that virtual check can certainly be adjusted. |
Heh, no worries. This looks like a pretty easy one. I'll try to come back to it and get it working. |
That would be great. I'll change this to a more "this should be addressed" labeling scheme rather than just "Question". :) |
The test in the virtual function was unnecessary. The pam module does not itself rely on any external python or pam libraries. The only function present, pam.read_file(), accepts a file name as a parameter, checks if it exists, and parses the file. There is no reason to avoid loading the module. Fixes saltstack#20809
The test in the virtual function was unnecessary. The pam module does not itself rely on any external python or pam libraries. The only function present, pam.read_file(), accepts a file name as a parameter, checks if it exists, and parses the file. There is no reason to avoid loading the module. Fixes #20809
Fixed via #34002 |
I've been helping work on a security baseline implemented via salt and saw that salt has the start of a pam module. But it appears salt will only load the module if
libpam.so
exists at/usr/lib/libpam.so
. On a CentOS system with the 64bit version of the pam rpm, the corresponding file exists in/lib64
. I'm not sure thatos.path.exists
will have the desired behavior anyway, though, since the file is really/lib64/libpam.so.0
and is a symlink to/lib64/libpam.so.0.82.2
. Any idea why this loading restriction is in there?https://github.com/saltstack/salt/blob/develop/salt/modules/pam.py
The text was updated successfully, but these errors were encountered: