On Wed, Jul 16, 2003 at 12:37:52PM +1000, John Newbigin wrote:
> I have a setup where I have both shadow passwords and smbpasswd
> passwords. system-auth is below.

> I have a problem with forcing password changes on login. From what I
> can tell, account pam_unix is requesting the password change with
> PAM_NEW_AUTHTOK_REQD. From there though, the password change procedure
> is not the same as when passwd is launched from the command line. The
> end result is that the SMB password is not updated when the password is
> changed on login.

> Any ideas anyone?

Until recently, pam_smbpass would look at the 'expired' flag being passed
by PAM and, if the Samba password was not expired, it would not effect a
password change. However, since most people have password synchronization
specifically in mind when stacking password modules, I've decided to
ignore this flag -- upgrading pam_smbpass to a more recent version (e.g.,
2.2.8a) should fix this problem for you. You should be able to upgrade
pam_smbpass without affecting the rest of the Samba installation.

--
Steve Langasek
postmodern programmer

> -- a normal password change
> $ passwd
> Changing password for jnewbigin
> Current SMB password:
> New LINUX password:
> Retype new LINUX password:
> passwd: all authentication tokens updated successfully
> $
>
> -- a change on login
> $ ssh jnewbigin@xxxxxxx
> jnewbigin@xxxxxxx's password:
> You are required to change your password immediately (root enforced)
> Warning: Your password has expired, please change it now
> Changing password for jnewbigin
> (current) UNIX password:
> New LINUX password:
> Retype new LINUX password:
> $
>
>
> It is a redhat 7.2 box.
> Here is /etc/system-auth:
>
> auth required /lib/security/pam_env.so
> auth requisite /lib/security/pam_unix.so likeauth nullok
> auth optional /lib/security/pam_smbpass.so migrate
>
> account required /lib/security/pam_unix.so
>
> password required /lib/security/pam_cracklib.so retry=3 type=LINUX
> password required /lib/security/pam_smbpass2.so use_authtok
> try_first_pass migrate
> password requisite /lib/security/pam_unix.so use_authtok md5
> shadow try_first_pass
>
> session required /lib/security/pam_limits.so
> session required /lib/security/pam_unix.so
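A way to detect the symptom discussed in this thread (a forced change at login that updates the UNIX password but leaves the SMB password stale), as an added example that is not part of the original messages. It assumes the shadow(5) last-change field (days since the epoch) and the Samba 2.2 smbpasswd `LCT-<hex seconds>` field; the file contents, the function names and the one-day tolerance are constructed for illustration.

```python
import re

# Constructed sample data; the hash fields are placeholders, not real hashes.
SHADOW = """\
jnewbigin:$1$placeholder$placeholder:12250:0:30:7:::
alice:$1$placeholder$placeholder:12245:0:30:7:::
"""
X32 = "X" * 32
SMBPASSWD = (
    f"jnewbigin:500:{X32}:{X32}:[U          ]:LCT-3EF00000:\n"
    f"alice:501:{X32}:{X32}:[U          ]:LCT-3F100000:\n"
)

LCT = re.compile(r"LCT-([0-9A-Fa-f]{8})")


def parse_shadow(text):
    """Map user -> day of last UNIX password change (days since epoch)."""
    out = {}
    for line in text.splitlines():
        fields = line.split(":")
        # Skip entries without a numeric last-change field (aging disabled).
        if len(fields) >= 3 and fields[2].isdigit():
            out[fields[0]] = int(fields[2])
    return out


def parse_smbpasswd(text):
    """Map user -> day of last SMB password change, from the LCT field."""
    out = {}
    for line in text.splitlines():
        match = LCT.search(line)
        if match and not line.startswith("#"):
            out[line.split(":", 1)[0]] = int(match.group(1), 16) // 86400
    return out


def find_desync(shadow_text, smb_text, tolerance_days=1):
    """Return (user, days_behind) where the SMB change lags the UNIX change."""
    unix, smb = parse_shadow(shadow_text), parse_smbpasswd(smb_text)
    lag = {u: unix[u] - smb[u] for u in unix.keys() & smb.keys()}
    return sorted((u, d) for u, d in lag.items() if d > tolerance_days)


if __name__ == "__main__":
    for user, days in find_desync(SHADOW, SMBPASSWD):
        print(f"{user}: SMB password is {days} days older than UNIX password")
```

Run against copies of the real files after a forced password change at login; an account that appears in the output went through the UNIX change without the SMB update.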