This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Pam Agent Challenge Force UserIDs to uppercase (normalize)

JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2020-07-14 04:51 PM
Status: New

UserIDs are not case sensitive in Windows because they have been forced to be upper case or normalized, so that if a UserID is x12345 that is the same as X12345.  By default, Linux is case sensitive.  If a userID of x12345 is sent to the PAM challenge in an include group, and the only entry is X12345, the userID will not match and therefore not be challenged.

If the PAM module had the option to normalize or force the case on Letters in a UserID, it would make the PAM agent similar to the Windows agent in regards to challenge group lookups. 

0 Likes
2 Comments
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2020-11-11 10:57 AM
‎2020-11-11 10:57 AM

This configurable feature has been coded into PAM agent 8.1.2

Fixed in 8.1.2.126

Implemented support for a new CHALLENGE_IGNORE_CASE configuration setting
which my be configured in the /etc/sd_pam.conf file.
If enabled, user name comparisons with either the challenge group members
or the challenged user list are case insensitive.

Status changed to: Proposed
rsalinkadmin
Administrator Administrator
Administrator
‎2021-08-12 09:02 PM
‎2021-08-12 09:02 PM
 
© 2022 RSA Security LLC or its affiliates. All rights reserved.