Posted by Lk2 on August 4, 2008 at 5:02pm
| Project: | PAM Authentication |
| Version: | 6.x-1.1 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
Having PAM Auth enabled you can't login with no-PAM accounts, like usually the administrator account.
I think it's because developers overwrite the $form['#validate'] variable (on line 55 of pam_auth.module). If the pam_auth login fails, the normal Drupal users or other autethication methods won't work.
I'm working on a patch to fix the issue
Comments
#1
I'm not positive, but I think this works.
Change:
$form['#validate'][1] = 'pam_auth_distributed_validate';To:
array_unshift($form['#validate'], 'pam_auth_distributed_validate');#2
I think that it would work, but this isn't the best way... because you are "jumping" the first authentication validator (the item on position 0). This validator is important because, if I remember well, is the one that check the name user isn't blocked or unathorized.
I do that (it's a very ugly way, but my knowledge of PHP is very limited):
change
$form['#validate'][1] = 'pam_auth_distributed_validate';for
$form['#validate'][3] = $form['#validate'][2];$form['#validate'][2] = 'pam_auth_distributed_validate';
In that way, the user first try to be loged with SQL users table, and if it fails (because the password doesn't match in the case of LDAP login), it makes a PAM Auth authentication.
I think that there is no problem in execute first PAM and then drupal login...
Here is my patch, if it's needed for somebody