fail authentication if user isn't member of *any* require_membership_of specified groups

Noel Power nopower at
Thu Nov 7 03:34:14 MST 2013

While playing with pam I came across some strange ( or at least strange
to me ) behaviour. If for example you set

    require_membership_of specified=bogus

where bogus ( like it hints is a non existent name or group sid ) then
you will be happily authenticated. This imho wrong and dangerous as you
easily might not notice a typo when entering that field, it would be
better to fail in this case ( and force the administrator to investigate
). The attached patch should fix that. Please review

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-fail-authentication-for-single-group-name-which-cann.patch
Type: application/mbox
Size: 1176 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list