Cannot change password on ldap client, need to have 'try_authtok' in the pam config or libpam-cracklib installed
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libpam-ldap (Debian) | Fix Released | Unknown | |
libpam-ldap (Ubuntu) | Triaged | Undecided | Unassigned |
Bug Description
Binary package hint: libpam-ldap
I have a working LDAP client config using libnss-ldapd and libpam-ldap.
I can log in to the system using any valid LDAP user.
However, when I attempt to change the password using 'passwd', the following occurs:
stemul@dev:~$ passwd
Enter login(LDAP) password:
passwd: password updated successfully
stemul@dev:~$
The command returns without ever giving me the chance to change the password (although it does require the correct password to even get this far).
Some Googling suggested removing use_authtok from vi /etc/pam.
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
to
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
After doing this, I can now change my password using passwd.
It looks like use_authtok only makes sense in common-password if you have installed libpam-cracklib or similar - is that correct?
Thanks
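An added example, not part of the original report or of libpam-ldap: a small Python check that flags a `password` rule carrying `use_authtok` when no earlier module in the stack could have asked for the new password, which is the situation the report describes. The sample stacks are constructed from the line quoted above, and the `NON_PROMPTING` set and function names are assumptions of this example.

```python
import re

# Constructed sample stacks modelled on the common-password line quoted in the report.
BROKEN = """\
# /etc/pam.d/common-password (constructed sample)
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
password requisite pam_deny.so
password required pam_permit.so
"""
WITH_CRACKLIB = """\
password requisite pam_cracklib.so retry=3 minlen=8
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
"""
FIXED = BROKEN.replace(" use_authtok", "")

# Fields: type, control (single word or [bracketed list]), module, optional args.
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
# Modules that never handle a password themselves (assumption of this example).
NON_PROMPTING = {"pam_deny.so", "pam_permit.so"}

def password_rules(text):
    """Yield (line_no, module, args) for each 'password' rule in a pam.d file."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments; @include lines never match
        m = RULE.match(line)
        if m and m.group(1) == "password":
            yield no, m.group(3).rsplit("/", 1)[-1], m.group(4).split()

def orphaned_use_authtok(text):
    """Return (line_no, module) for rules that set use_authtok before any
    module that could have asked the user for a new password."""
    findings, token_provider_seen = [], False
    for no, module, args in password_rules(text):
        if "use_authtok" in args:
            if not token_provider_seen:
                findings.append((no, module))
        elif module not in NON_PROMPTING:
            token_provider_seen = True
    return findings

if __name__ == "__main__":
    for name, stack in (("broken", BROKEN), ("cracklib", WITH_CRACKLIB), ("fixed", FIXED)):
        print(name, orphaned_use_authtok(stack))
```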
Changed in libpam-ldap:
status: New → Incomplete
Changed in libpam-ldap (Debian):
status: Unknown → New
Changed in libpam-ldap (Ubuntu):
status: Confirmed → Triaged
summary:
- Cannot change password on ldap client unless libpam-cracklib also
- installed
+ Cannot change password on ldap client, need to have 'try_authtok' in the
+ pam config
summary:
  Cannot change password on ldap client, need to have 'try_authtok' in the
- pam config
+ pam config or libpam-cracklib installed
Changed in libpam-ldap (Debian):
status: New → Fix Released
I can confirm this bug/problem.