Stackable authentication using use_first_pass

Hi,

I am trying to set up my authentication to use stacked
modules with use_first_pass such that the user inputs
one password after entering the user name and then
this password gets passed to each module for
authentication without further prompting.

I have stacked the modules as follows:

auth  sufficient /lib/security/pam_ldap.so use_first_pass
auth  sufficient /lib/security/pam_unix.so use_first_pass
auth  sufficient /lib/security/pam_deny.so

Everything is OK, if you enter a correct password and
authentication succeeds. But if you enter an incorrect
password you are locked out forever because pam uses
the same password at the next login prompt without
even asking the user again.

You end up with :

slc login: root
Login incorrect

login: root
Login incorrect

login: root
Login incorrect

login: root

Login incorrect

slc login: root
Login incorrect

login: root
Login incorrect

While I understand PAM is doing exactly what I asked
it to do: use the first password and, if that fails,
move on to the next authentication module, this ends
up in the vicious-circle lockout I get.
But I am wondering whether there is any way I can get PAM "to
flush" the password so that once authentication has
traversed my authentication stack, the next login
prompt will prompt the user for a password, for
example by adding a module at the end of my
authentication stack?

One workaround I have for the above problem is that
if I set the first stacked module to "try_first_pass"
it does prompt the user for a new password. But this
is actually AFTER the module has already
TRIED the previous failed password and so is trying
again.

TIA

Wayne
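
Added example, not part of the original post and not Linux-PAM code: a small Python model of an auth stack that follows the documented meaning of use_first_pass (never prompt, use the stored password) and try_first_pass (try the stored password, then prompt). The password tables, the PROMPT_FIRST stack and the rule that a module with neither option always prompts are assumptions of the model.

```python
# Simplified model of a PAM "auth" stack; not Linux-PAM code.
# Assumption of this model: a module given neither option always prompts.
POSTED = """\
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth sufficient /lib/security/pam_unix.so use_first_pass
auth sufficient /lib/security/pam_deny.so
"""
# Constructed alternative: first module prompts, later ones reuse its password.
PROMPT_FIRST = """\
auth sufficient /lib/security/pam_ldap.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required   /lib/security/pam_deny.so
"""
# Constructed backends: user -> password accepted by that module.
BACKENDS = {"pam_ldap.so": {"wayne": "ldap-pw"}, "pam_unix.so": {"root": "unix-pw"}}

def parse(conf):
    """Return (control, module basename, options) for every auth line."""
    rows = []
    for line in conf.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "auth":
            rows.append((fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]))
    return rows

def authenticate(conf, user, typed=(), authtok=None):
    """Walk the stack once. `typed` is what the user would enter at each prompt;
    `authtok` models a password already stored on the PAM handle.
    Returns (success, number_of_prompts, authtok_afterwards)."""
    typed, prompts, any_ok, required_failed = list(typed), 0, False, False
    for control, module, opts in parse(conf):
        db, ok = BACKENDS.get(module), False   # no backend (pam_deny.so): always fails
        if db is not None:
            if "use_first_pass" in opts:       # never prompts; needs a stored password
                ok = authtok is not None and db.get(user) == authtok
            else:
                if "try_first_pass" in opts and authtok is not None:
                    ok = db.get(user) == authtok
                if not ok:                     # converse with the user, store the answer
                    authtok, prompts = (typed.pop(0) if typed else ""), prompts + 1
                    ok = db.get(user) == authtok
        if ok and control == "sufficient" and not required_failed:
            return True, prompts, authtok
        any_ok = any_ok or ok
        required_failed = required_failed or (control == "required" and not ok)
    return any_ok and not required_failed, prompts, authtok
```

In this model the posted stack returns a failure without prompting at all, while the PROMPT_FIRST stack prompts exactly once per attempt whether the password is right or wrong.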



