From 96b39e02ba160cda74b70b4cd9bac34c760e1701 Mon Sep 17 00:00:00 2001 From: Joseph Reynolds Date: Thu, 5 Dec 2019 17:53:35 -0600 Subject: Change PAM service_name for password changes BMCWeb was using the "passwd" command PAM configuration settings when changing the password. This changes it to use PAM service_name="webserver", the same name it already uses for PAM authentication and account management functions. Doing so allows the BMC system administrator to provide separate PAM config files for the "passwd" command and BMCWeb's password changing function, and for these activities to be correctly identified in the system logs. Here is a sample incorrect log message (truncated & wrapped): bmcweb[353]: pam_warn(passwd:chauthtok): function=[pam_sm_chauthtok] flags=0xc000 service=[passwd] terminal=[] user=[testuser] ruser=[] rhost=[] The "service" should be "webserver". Tested: yes, password change successful Change-Id: I593f42c8f0494df967fb498fb4dd66fa4168596b Signed-off-by: Joseph Reynolds --- include/pam_authenticate.hpp | 2 +- pam-webserver | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/pam_authenticate.hpp b/include/pam_authenticate.hpp index 5d78efc..234246d 100644 --- a/include/pam_authenticate.hpp +++ b/include/pam_authenticate.hpp @@ -93,7 +93,7 @@ inline int pamUpdatePassword(const std::string& username, pamFunctionConversation, const_cast(password.c_str())}; pam_handle_t* localAuthHandle = nullptr; // this gets set by pam_start - int retval = pam_start("passwd", username.c_str(), &localConversation, + int retval = pam_start("webserver", username.c_str(), &localConversation, &localAuthHandle); if (retval != PAM_SUCCESS) diff --git a/pam-webserver b/pam-webserver index 47e787f..473b922 100644 --- a/pam-webserver +++ b/pam-webserver @@ -2,3 +2,4 @@ auth include common-auth account include common-account +password include common-password -- cgit v1.2.1
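Review bot: In the include/pam_authenticate.hpp hunk, the service name passed to pam_start in pamUpdatePassword is a bare string literal, "webserver". The commit message says the same name is already used for authentication and account management, so a single named constant shared by those call sites would keep them from drifting apart again, which is the situation this patch corrects. The "Tested" line reports that the password change succeeded but not that the log entry now shows service=[webserver]; quoting the corrected pam_warn line next to the incorrect sample would confirm the logging half of the change.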
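Review bot: In the pam-webserver hunk, the added line "password include common-password" is what the pam_start("webserver", ...) change in pamUpdatePassword now relies on, but neither the file nor the commit message states that dependency. An administrator who supplies a custom PAM config for the webserver service, which the commit message presents as a goal, has no hint that a password stack is now required for BMCWeb password changes to work. A short comment in pam-webserver above the new line, or a sentence in the commit message, saying that the password entry is used by BMCWeb's password change function would cover this.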