I have a problem with forcing password changes on login. From what I can tell, account pam_unix is requesting the password change with PAM_NEW_AUTHTOK_REQD. From there though, the password change procedure is not the same as when passwd is launched from the command line. Then end result is that the SMB password is not updated when the password is changed on login.
Any ideas anyone?
John.
-- a normal password change $ passwd Changing password for jnewbigin Current SMB password: New LINUX password: Retype new LINUX password: passwd: all authentication tokens updated successfully $
-- a change on login $ ssh jnewbigin@xxxxxxx jnewbigin@xxxxxxx's password: You are required to change your password immediately (root enforced) Warning: Your password has expired, please change it now Changing password for jnewbigin (current) UNIX password: New LINUX password: Retype new LINUX password: $
It is a redhat 7.2 box. Here is /etc/system-auth:
auth required /lib/security/pam_env.so auth requisite /lib/security/pam_unix.so likeauth nullok auth optional /lib/security/pam_smbpass.so migrate
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=LINUX
password required /lib/security/pam_smbpass2.so use_authtok try_first_pass migrate
password requisite /lib/security/pam_unix.so use_authtok md5 shadow try_first_pass
session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so
-- Information Technology Innovation Group School of Information Technology Swinburne University of Technology Melbourne, Australia http://www.it.swin.edu.au/staff/jnewbigin
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
