
Re: pam_ldapd problem


On Fri, 2012-06-15 at 16:53 +0200, Anton Helwart wrote:
> I solved this with a small patch to pam.c (it's attached to this mail). 
> Now pam_ldap.so returns PAM_AUTH_ERR when I enter a wrong password 
> in the preliminary check and I can use something like this in 
> /etc/pam.d/common-password: 
> 
> password        [success=ok auth_err=die new_authtok_reqd=ok \
> ignore=ignore default=bad]    pam_ldap.so debug
> 
> But I'm no expert. Maybe someone can review my patch and tell
> me if I'm doing something wrong.

Thanks for the patch and digging into this. The problem was that the
result of storing the old password was always returned regardless of the
authentication result.

This is fixed in SVN:
http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1702&view=revision

The bug was first introduced in 0.8.0 so the 0.7 series should not have
this bug.

Thanks again!

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
-- 
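
The bug class described in the reply above, as an added illustration that is not part of the original message and not nss-pam-ldapd's code: a status variable is reused, so the result of storing the old password overwrites the authentication result. All function names, the stubs and the numeric return codes are constructed for this model.

```c
#include <stdio.h>
#include <string.h>

/* Model return codes, constructed for this example (not the values from the PAM headers). */
enum { RC_SUCCESS = 0, RC_AUTH_ERR = 1, RC_BUF_ERR = 2 };

/* Hypothetical stub: authenticate the old password (stands in for the LDAP bind). */
static int check_old_password(const char *given, const char *actual)
{
    return strcmp(given, actual) == 0 ? RC_SUCCESS : RC_AUTH_ERR;
}

/* Hypothetical stub: remember the old password for the later update phase. */
static char saved_oldpw[64];
static int store_old_password(const char *pw)
{
    if (strlen(pw) >= sizeof(saved_oldpw))
        return RC_BUF_ERR;
    strcpy(saved_oldpw, pw);
    return RC_SUCCESS;
}

/* Buggy shape: the store result replaces the authentication result,
 * so a wrong old password still yields success in the preliminary check. */
int prelim_check_buggy(const char *given, const char *actual)
{
    int rc = check_old_password(given, actual);
    rc = store_old_password(given);   /* authentication failure is lost here */
    return rc;
}

/* One way to fix it: return the authentication error first,
 * and store the password only after it has been verified. */
int prelim_check_fixed(const char *given, const char *actual)
{
    int rc = check_old_password(given, actual);
    if (rc != RC_SUCCESS)
        return rc;
    return store_old_password(given);
}

int main(void)
{
    printf("buggy, wrong password: %d\n", prelim_check_buggy("guess", "s3cret"));
    printf("fixed, wrong password: %d\n", prelim_check_fixed("guess", "s3cret"));
    printf("fixed, right password: %d\n", prelim_check_fixed("s3cret", "s3cret"));
    return 0;
}
```

With the fixed shape the module reports the authentication error to the PAM stack, which is what a control such as `auth_err=die` in the quoted configuration relies on.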