Password changing fails when "krb5" pam-config is not first
Bug #536930 reported by
Daniel Richard G.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libpam-krb5 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
This concerns libpam-krb5 3.15-1 in Karmic.
If you use the "krb5" profile for pam-auth-update, password changing works correctly---unless another profile goes above it, and the "Password" clause is used instead of "Password-Initial". (I simulated this by bumping the priority down to 255, putting it immediately after the "unix" profile.) Then you get
$ passwd
passwd: Authentication information cannot be recovered
passwd: password unchanged
The problem is in passing "use_authtok" to pam_krb5. Comparatively, try_first_
To post a comment you must log in.
"Daniel Richard G." <email address hidden> writes:
> This concerns libpam-krb5 3.15-1 in Karmic.
Looks like Launchpad for some reason filed the bug against
kerberos-configs instead. I'll move it.
> If you use the "krb5" profile for pam-auth-update, password changing
> works correctly---unless another profile goes above it, and the
> "Password" clause is used instead of "Password-Initial". (I simulated
> this by bumping the priority down to 255, putting it immediately after
> the "unix" profile.) Then you get
> $ passwd
> passwd: Authentication information cannot be recovered
> passwd: password unchanged
> The problem is in passing "use_authtok" to pam_krb5. Comparatively, pass/use_ first_pass/ nothing at least allows the "Current
> try_first_
> Kerberos password:" prompt to come up.
This was fixed in 4.0-1. The fix would need to be backported to karmic.
-- www.eyrie. org/~eagle/>
Russ Allbery (<email address hidden>) <http://