GDM has no "change password" option

Thanks for the report. This is a feature request. Assigning to Ubuntu Desktop Bugs.

Correction. This could be a genuine bug. (not RFE)

Could you mention the version of gdm and Gnome you are using.

GDM 2.18.1-0ubuntu1

Exists some way to enable this option?

how do you want to change your password if your account has expired?

upstream http://bugzilla.gnome.org/show_bug.cgi?id=356109 is about that and states it should be done by a pam module

Sorry, but this is not a PAM bug. Password changing is a completely separate application entry point from authentication, in PAM; it is the responsibility of the calling application to handle a return of PAM_NEW_AUTHTOK_REQD from pam_acct_mgmt(), indicating that the user must change his password. If gdm isn't doing that, that's a gdm bug.

If gdm *is* handling PAM_NEW_AUTHTOK_REQD correctly, then the problem is that this is never the value that's being returned, which means one of two things: either the PAM module in use is buggy (which I don't think is the case here because I've used pam_winbind+password expiry fine in the past with no problems), or the Windows domain is configured to immediately lock accounts out upon password expiry. The last case is certainly not something that we can fix...

Separately, there seems to be a wishlist request (in the upstream bug) to allow a user to change their password from within GDM itself even when it's not expired. I don't know how that would work, because the information that the password will expire /soon/ is entirely advisory and not part of the PAM spec, so the user would never see this information until after they'd successfully logged in. That part is probably a general GNOME bug rather than a GDM bug, then.

This would cause a serious security issue.

Huh? Where's the security issue in giving users an interface for changing their password?

Not only do I not see a security issue, but I believe this would also fit the use case of "User must change password on first login." Some mechanism for forcing password change is essential in GDM/PAM.

Any news about this feature request?

I have similar need using pam_winbind login, to access a PDC (samba in my case).
On Windows I am offered to change the password, on Ubuntu 10.04/GDM I just see a message below login saying "Your password is expired" but I can login anyway.

In my setup within an AD network, when my password is in the expiration period I can barely see the warning in the GDM login window for a fraction of a second. A normal user would not even notice it.
Introducing the option of changing the password when it is in the expiration period would also allow a user to be notified of this.

Please any news on this?

in my Ubuntu 10.10 when a user that has is password almost expired, the gdm display a message "your password will expire in ... days" and doesn't login :(

what can i do please?

thanks

guimenez

Just had this happen here too, using pam_winbind - gdm displayed the password has expired message and then it locked up :( On maverick

This happened to me also (again) and is reported as a new bug: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/613371