Re: Pam password authentication

On Saturday, 5 June 2010 22:52:10 Siddhartha Jain wrote:
> I came across a similar bug where enabling chaining between a master and
>  slave allows invalid passwords to be accepted by pam_ldap. Unfortunately,
>  no word from OpenLDAP or pam_ldap maintainers on the issue.

Did you file an ITS?

>  I have been
>  looking at pam_ldap source code but haven't been able to pinpoint the
>  issue. In my case, it has something to do with password policy not being
>  handled properly when chaining is enabled. I suggest you try tweaking those
>  "pam_password" statements and see if you can deduce anything.

Well, the first thing would be to be absolutely sure the PAM config is correct.
I haven't had time to compare; my PAM config is quite a bit more complex (with
pam_ccreds in the mix), but I do have a required pam_deny.so at the end of
mine ... (and I can't remember if it is a requirement because of the two
"sufficient"s, or because of the pam_ccreds stuff which follows).