Re: Forced password changes and other PAM modules using passwords

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Floris Bos <bos [at] je-eigen-domein.nl>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: Forced password changes and other PAM modules using passwords
Date: Wed, 10 May 2017 00:15:44 +0200

On 05/06/2017 07:23 PM, Floris Bos wrote:

But now I would like to force users to change their password on firstlogin.If I set a user's account to shadowLastChange to 0 and shadowMax to10000, the user indeed gets prompted to change his password.
However in that case mounting the home directory afterwards fails.
I think this is caused by libpam-mount still trying to use the oldpassword to login, and not the new password entered.
Is there any way to make libpam-ldapd pass the new password through toPAM modules that come after it?


Managed to solve the problem.

Wasn't related to pam-ldapd, but just a pam configuration problem withpam-mount instead.The standard Debian package only added pam-mount to common-auth (tocapture initial login password) and common-session (to do the actualmounting).

While it has to be added to /etc/pam.d/common-password as well, to beable to capture the new password on forced password changes.



Yours sincerely,

Floris Bos

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/

Forced password changes and other PAM modules using passwords, Floris Bos
- Re: Forced password changes and other PAM modules using passwords, Floris Bos

Prev by Date: Forced password changes and other PAM modules using passwords
Next by Date: nss_initgroups_ignoreusers ALLLOCAL issue
Previous by thread: Forced password changes and other PAM modules using passwords
Next by thread: nss_initgroups_ignoreusers ALLLOCAL issue