RSS feed

Re: pam_ldapd problem

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: pam_ldapd problem

On Fri, 2012-06-15 at 16:53 +0200, Anton Helwart wrote:
> I solved this with a small patch to pam.c (it's attached to this mail). 
> Now returns PAM_AUTH_ERR when I enter a wrong password 
> in the preliminary check and I can use something like this in 
> /etc/pam.d/common-password: 
> password        [success=ok auth_err=die new_authtok_reqd=ok \
> ignore=ignore default=bad] debug
> But I'm no expert. Maybe someone can review my the patch and tell
> me, if I'm doing something wrong.

Thanks for the patch and digging into this. The problem was that the
result of storing the old password was always returned regardless of the
authentication result.

This is fixed in SVN:

The bug was first introduced in 0.8.0 so the 0.7 series should not have
this bug.

Thanks again!

-- arthur - - --
To unsubscribe send an email to or see