Re: pam_ldapd problem
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: pam_ldapd problem
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: pam_ldapd problem
- Date: Fri, 15 Jun 2012 23:09:12 +0200
On Fri, 2012-06-15 at 16:53 +0200, Anton Helwart wrote:
> I solved this with a small patch to pam.c (it's attached to this mail).
> Now pam_ldap.so returns PAM_AUTH_ERR when I enter a wrong password
> in the preliminary check and I can use something like this in
> /etc/pam.d/common-password:
>
> password [success=ok auth_err=die new_authtok_reqd=ok \
> ignore=ignore default=bad] pam_ldap.so debug
>
> But I'm no expert. Maybe someone can review my the patch and tell
> me, if I'm doing something wrong.
Thanks for the patch and digging into this. The problem was that the
result of storing the old password was always returned regardless of the
authentication result.
This is fixed in SVN:
http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1702&view=revision
The bug was first introduced in 0.8.0 so the 0.7 series should not have
this bug.
Thanks again!
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/