[Bug 302026] Re: likewise-open prevents local passwords from being changed

[Steve Langasek]

The reason for reusing the passwords between modules is to ensure the
user is only prompted for a new password once.

There is no "try_authtok" equivalent to "try_first_pass", and special-
casing pam_lwidentity in pam-auth-update would not be a good idea.  I
think pam_lwidentity needs to prompt for and store the new password,
even if it won't use it itself, otherwise there's no way for us to have
a completely pluggable stack.

Also, if the return code here is "password updated successfully", then I
think that implies pam_lwidentity.so is incorrectly returning
PAM_SUCCESS for users it doesn't know about.  It shouldn't do this - it
should return a sensible return value that lets the administrator
construct a useful stack, instead of presuming that PAM_SUCCESS is
wanted.

BTW, installing pam_cracklib may (or may not) work around this.

-- 
likewise-open prevents local passwords from being changed
https://bugs.launchpad.net/bugs/302026
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to likewise-open in ubuntu.