[Freeipa-devel] [PATCH] reuse authtok which is already in the pam stack
Sumit Bose
sbose at redhat.com
Thu Apr 30 09:23:08 UTC 2009
Simo Sorce schrieb:
> On Wed, 2009-04-29 at 23:23 +0200, Sumit Bose wrote:
>> Sumit Bose schrieb:
>>> Sumit Bose schrieb:
>>>> Hi,
>>>>
>>>> this is a quick and dirty patch for the use_first_pass issue,
>> please test.
>>>> bye,
>>>> Sumit
>>>>
>>> Hi,
>>>
>>> this new version adds the 'use_first_pass' option.
>>>
>> this new version fixes a problem when compiling with -DDEBUG
>
> ack and pushed.
>
> I also pusehd a patch that fixes indentation, it doesn't change any code
> so I didn't put it on for review.
>
sorry, I just found out that pam_sss didn't play nice with
pam_cracklib.so, because pam_cracklib.so only provides a new password
and not the old one.
If you want to change the password for a user from the LOCAL domain a
workaround is either to disable pam_cracklib.so in system-auth, or to
ignore the first three requests to enter a new password and then enter
old and new password.
bye,
Sumit
More information about the Freeipa-devel
mailing list