fail authentication if user isn't member of *any* require_membership_of specified groups

Andreas Schneider asn at
Wed Nov 20 05:13:56 MST 2013

On Thursday 07 November 2013 10:34:14 Noel Power wrote:
> While playing with pam I came across some strange ( or at least strange
> to me ) behaviour. If for example you set
>     require_membership_of specified=bogus
> where bogus ( like it hints is a non existent name or group sid ) then
> you will be happily authenticated. This imho wrong and dangerous as you
> easily might not notice a typo when entering that field, it would be
> better to fail in this case ( and force the administrator to investigate
> ). The attached patch should fix that. Please review

I as strlen() return an integer I prefer strlen(sid_list_buffer) == 0 for 

Besides that:

Reviewed-by: Andreas Schneider <asn at>

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at

More information about the samba-technical mailing list