I'm running into some bizarre behavior on SuSE and RedHat systems. I'm trying to insert another module to do password strength checking, and if that check fails, then the entire password change should fail.

My config looks as follows:

    password requisite pam_lwipasspolicy.so debug
    password requisite pam_pwcheck.so nullok cracklib
    password required pam_unix2.so nullok use_authtok

Setting "requisite" on pam_lwipasspolicy should mean that if it fails, then pam_cracklib or pam_pwcheck is not even supposed to be called, since pam_lwipasspolicy returns PAM_AUTHTOK_ERR.

Strangely, however, pam_cracklib and pam_pwcheck both reprompt for the password. No amount of tweaking has produced the expected behavior.

You can emulate this behavior by taking a RedHat system and putting pam_cracklib in twice in a row, both times set to requisite. Same would go for SuSE and pam_pwcheck.

Can anyone tell me why this is happening?

BTW, if the prelim check of pam_lwipasspolicy (and pam_cracklib) returns a failure, "requisite" works as expected. It is only on the actual request that the error does not appear to be honored.

--
Marcin Krzysztof Porwit
mporwit@xxxxxxxxxxxx
#include <stddisclaimer.h>

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list