Sometimes a second module will prompt for the password, and since the
first one already did, it may not be the module. (One possibility is to
use the try_first_pass in the configuration file and see if the
secondary prompt goes away).
Joe
Jason Gerfen wrote:
I am running into a problem with a module I have been working on with a
co-worker... below is short summary of what is occuring and the
functions it performs;
1. reads a config file into arguments
2. looks at local accounts for current pam_get_user()
3. if no local acct. present connects to ldap and looks for user
4. if user present in ldap the local account gets created so the
pam_krb5 module can map the ticket to the local account
my problem is this, everything is working but currently you have to
input your username & password combination twice due to the account
creation process. I have tried the following trying to get it working;
1. tried forking the local account creation
2. tried forking the local account home directory setup
3. tried forking the ldap search
4. tried forking the entire pam_sm_authenticate() functions which
resulted in everything else showing up in the logs after pam_krb5 ran
I need to know of a way maybe in the configuation of the pam stack to
require it to pause before moving on to the next pam module in the list...
any help on this would be great, oh yeah i can't use the
pam_mkhomedir.so because the account and home directory information
needs to be present *prior* to kerberos and the ticket mapping portion
of their authentication. =)
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
