Non-root on FreeBSD Accepts Good Username but Bad Password

[git-blame]

If I'm using this module in FreeBSD as a non-root user, a good username but bad password will pass. Note a bad (non-existent) username will fail as expected. As root, the authentication works correctly.

[vagrant@vagrant-bsd93 ~]$ env LOGNAME=vagrant python -m simplepam // bad pwd: foobar
Password:
True
[vagrant@vagrant-bsd93 ~]$ env LOGNAME=foobar python -m simplepam // bad user, bad pwd
Password:
False

I expected that the bad password should fail. Or if root access is required, then all authentication checks as non-root should fail.

[sebastianriese]

BSD pam and Linux pam are not compatible, therefore this is not expected to work. (compare https://en.wikipedia.org/wiki/Pluggable_authentication_module).

We should document this more clearly and think about checking the OS and fail hard early if we are not on Linux.