Discussion:
[PR PATCH] nsswitch: Add try_authok option to pam_winbind
Github bot account via samba-technical
2018-04-20 13:13:58 UTC
Permalink
There is a new pull request by sathieu against master on the Samba Samba Github repository

https://github.com/sathieu/samba pam_winbind-try_authok
https://github.com/samba-team/samba/pull/168

nsswitch: Add try_authok option to pam_winbind
Same as the use_authtok option, except that if the new password is not
valid, PAM will prompt for a password.

Bug-Debian: https://bugs.debian.org/858923
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/570944

Signed-off-by: Mathieu Parent <***@gmail.com>

A patch file from https://github.com/samba-team/samba/pull/168.patch is attached
Github bot account via samba-technical
2018-04-20 13:18:15 UTC
Permalink
New comment by sathieu on Samba Github repository

https://github.com/samba-team/samba/pull/168#issuecomment-383092973
Comment:
I've tested that it works but please review carefully this code has no testsuite (I'm quite confident that my code doesn't change the behavior when the new option in not used) !

In particular (even before the patch):
- use_authtok implies use_first_pass
- I don't understand this:
```
} else if (on(WINBIND_USE_AUTHTOK_ARG, ctrl)
&& off(WINBIND__OLD_PASSWORD, ctrl)) {
return PAM_AUTHTOK_RECOVER_ERR;
}
``
Github bot account via samba-technical
2018-04-20 13:29:23 UTC
Permalink
New comment by cryptomilk on Samba Github repository

https://github.com/samba-team/samba/pull/168#issuecomment-383096041
Comment:
Could you please add a test for this?

See for example:
python/samba/tests/pam_winbind_warn_pw
Github bot account via samba-technical
2018-04-20 13:31:45 UTC
Permalink
New comment by cryptomilk on Samba Github repository

https://github.com/samba-team/samba/pull/168#issuecomment-383096041
Comment:
Could you please add a test for this?

See for example:
python/samba/tests/pam_winbind_warn_pwd_expire.sh
python/samba/tests/pam_winbind_warn_pwd_expi
Github bot account via samba-technical
2018-04-20 13:37:28 UTC
Permalink
New comment by cryptomilk on Samba Github repository

https://github.com/samba-team/samba/pull/168#issuecomment-383096041
Comment:
Could you please add a test for this?

See for example:
python/samba/tests/test_pam_winbind_warn_pwd_expire.sh
python/samba/tests/pam_winbind_warn_pwd
Github bot account via samba-technical
2018-04-20 13:38:11 UTC
Permalink
New comment by cryptomilk on Samba Github repository

https://github.com/samba-team/samba/pull/168#issuecomment-383096041
Comment:
Could you please add a test for this?

See for example:
python/samba/tests/test_pam_winbind.sh
python/samba/tests/pam_winbind.py

python/samba/tests/test_pam_winbind_warn_pwd_expire.sh
python/samba/tests/pam_winbind_warn_pwd_expire.py

and

https://cwrap.or
Github bot account via samba-technical
2018-04-20 13:38:27 UTC
Permalink
New comment by cryptomilk on Samba Github repository

https://github.com/samba-team/samba/pull/168#issuecomment-383096041
Comment:
Could you please add a test for this?

See for example:
```
python/samba/tests/test_pam_winbind.sh
python/samba/tests/pam_winbind.py

python/samba/tests/test_pam_winbind_warn_pwd_expire.sh
python/samba/tests/pam_winbind_warn_pwd_expire.py
```

and

https:
Github bot account via samba-technical
2018-04-20 13:53:31 UTC
Permalink
New comment by sathieu on Samba Github repository

https://github.com/samba-team/samba/pull/168#issuecomment-383103218
Comment:
Yes. But how to add a "previous module" lik
Github bot account via samba-technical
2018-04-20 15:11:14 UTC
Permalink
New comment by cryptomilk on Samba Github repository

https://github.com/samba-team/samba/pull/168#issuecomment-383127810
Comment:
I think you just need to set a PAM env variable right? pam_wrapper provides a module pam_set_items which also has a manpage: 'man pam_set_items'. You can
Loading...