fail authentication if user isn't member of *any* require_membership_of specified groups

Noel Power nopower at suse.com
Thu Nov 7 03:34:14 MST 2013


While playing with PAM I came across some strange (or at least strange
to me) behaviour. If, for example, you set

    require_membership_of specified=bogus

where bogus (like it hints) is a nonexistent name or group SID, then
you will be happily authenticated. This is imho wrong and dangerous, as you
easily might not notice a typo when entering that field; it would be
better to fail in this case (and force the administrator to
investigate). The attached patch should fix that. Please review.

thanks,
Noel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-fail-authentication-for-single-group-name-which-cann.patch
Type: application/mbox
Size: 1176 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20131107/4c0f3bf0/attachment.bin>
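Added example, not part of the original post or the attached patch: a configuration check that lists every `require_membership_of` entry winbind cannot resolve, so a typo like the one described above is caught before it silently stops restricting logins. It assumes the option is written as `require_membership_of=<comma-separated names or SIDs>` on a pam_winbind line or in pam_winbind.conf and that `wbinfo` is installed; the function names and the sample line are hypothetical.

```python
import re
import subprocess

# Matches the option as a PAM module argument or as a pam_winbind.conf key.
OPTION = re.compile(r"require[_-]membership[_-]of\s*=\s*(\S+)")


def configured_entries(text):
    """Return every name/SID listed in require_membership_of, comments ignored."""
    entries = []
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0]  # drop trailing comments
        for value in OPTION.findall(line):
            entries += [e for e in value.split(",") if e]
    return entries


def wbinfo_resolves(entry):
    """True if winbind can map the entry (SID to name, or name to SID)."""
    flag = "-s" if entry.upper().startswith("S-1-") else "-n"
    try:
        result = subprocess.run(["wbinfo", flag, entry], capture_output=True)
    except FileNotFoundError:
        return False  # no wbinfo: treat as unresolved rather than pass silently
    return result.returncode == 0


def unresolved(text, resolves=wbinfo_resolves):
    """Entries that do not resolve; any hit means the restriction is suspect."""
    return [e for e in configured_entries(text) if not resolves(e)]


# Constructed sample PAM line: one plausible group plus the typo from the post.
SAMPLE = ("auth required pam_winbind.so "
          "require_membership_of=EXAMPLE\\linux-admins,bogus\n")

if __name__ == "__main__":
    # Constructed stand-in for winbind so the sample runs without a domain.
    known = {"EXAMPLE\\linux-admins"}
    print(unresolved(SAMPLE, resolves=lambda e: e in known))
```

Group names that contain spaces are not handled by this pattern and would need the bracketed PAM argument form parsed separately.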

