Re: Query about authinfo_unavail and user_unknown behaviour

On Wed, 2014-10-08 at 12:36 +0200, Berend De Schouwer wrote:
> I can confirm good behaviour with this patch, bad behaviour with
> 0.7.16.

Thanks. Note that 0.7.16 contains a known security issue
(CVE-2013-0288). I'm not sure the PAM return code issue will be fixed in
0.7 because it will only receive fixes for major bugs.

If you are compiling from source, I strongly recommend at least 0.8.14
because it contains a number of improvements in this area (as mentioned,
the issue you reported is fixed in 0.8.3). The 0.9.4 release is also
quite stable at this point.

> My "unit tests" to test this condition were getting confused because:
> "not retrying server ldap:// which failed just 1
> second(s) ago and has been failing for 12 seconds"
> It's been a bit problematic writing repeatable tests for nslcd
> up/down, ldap up/down, password in cache up/down, password good/bad...
> Fun with timing :)

Testing is indeed quite hard and the automated tests I have now are
mostly for the happy flow (and a few limited tests for the timeout

