On Tue, Aug 24, 2004 at 07:29:23PM -0400, Adams, Chris M, CTR,, DMDCWEST wrote: > > You should have stacked pam_passwdqc after pam_dhkeys, not before. > > And there should be no need for "ask_oldauthtok=update > > check_oldauthtok" on your recent/patched Solaris 8 (it's almost > > Solaris 9 in fact). > > Thanks for the info, although changing the order there didn't fix the > problem. When I took out the ask_oldauthtok=update check_oldauthtok, it > went back to failing at the very end. When I put them back in, it works > just like before, even with the order swapped. I don't think the ordering > should matter in this case since pam_dhkeys is used for diffie-hellman keys > and secure rpc, which we aren't using. Yes. I should have been more explicit. I think your main problem was that you commented out the "passwd auth ..." line. Please try the exact 4 lines from my previous e-mail and let me know of your results. > I had tried both scenarios listed in PLATFORMS, and since I have patch > 108993-33, I originally commented out pam_authtok_get and pam_authtok_check, That's correct. > but had to use the ask_oldauthtok=update check_oldauthtok options to get it > to work, so it's sort of a kludge of both scenarios. Hmm. The "passwd auth ..." should have taken care of the old password request. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
