Bug 1219358

Summary: AUDIT-WHITELIST: pam: new module: pam_canonicalize_user to canonicalize user name
Product: [openSUSE] openSUSE Tumbleweed Reporter: Thorsten Kukuk <kukuk>
Component: SecurityAssignee: Matthias Gerstner <matthias.gerstner>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: valentin.lefebvre
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thorsten Kukuk 2024-01-30 15:17:30 UTC 
Linux-PAM comes with a new trivial PAM module (~15 lines of code), which needs to be whitelisted.

PR for the module:
https://github.com/linux-pam/linux-pam/pull/617
Comment 1 Matthias Gerstner 2024-01-31 09:18:26 UTC 
The new module is already found in the pam devel project on OBS.

It just checks whether the provided username, when resolved via getpwnam &
friends, differs. If so then the username stored in the PAM handle is adjusted
to the one provided by the system functions.

Whitelisting can be done.
Comment 2 OBSbugzilla Bot 2024-02-01 11:35:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1219358) was mentioned in
https://build.opensuse.org/request/show/1143293 Factory / rpmlint
Comment 3 Matthias Gerstner 2024-02-07 09:25:30 UTC 
The whitelisting has reached Factory. Closing.