Hi ,
I have problem with password synchronization.
Consider the following scenario.
When administrator configures the password section of the
pam configuration file with two modules assume unix and
kerberos as follows
passwd password required libpam_unix.so
passwd password required libpam_krb5.so
use_first_pass
Assume a user whose password in both the mechanisms are in sync ,
and there is no policy assoiciated with the user in Unix but in
Kerberos there is a policy (minimum length of the password
need to be 8 chars) associated with that user , Now the user
tries to change the password and he is asked for the "Old Password:"
and he enters old password and when "New Password :" is asked for
the user enters lets assume "secret" (length=6) , As unix is configured
first the user will get his password changed in unix , but when it
comes to Kerberos as there is a policy associated with the user which
has minimum length of the password as 8 chars , his password cannot
be changed. Now the passwords in the two databases(unix and Kerberos)
are not in sync.
Here I have a problem , I want the users password always be in sync
which is getting violated in the above scenario. Is this a limitation
of PAM architecture or can we rollback the old password in Unix
if the chauthtok() fails in the Kerberos.
Please help me out in this .
thanks in advance .
regards
Bandi.
