Mailinglist Archive: opensuse-bugs (10810 mails)
| < Previous | Next > |
[Bug 545724] New: useradd foo; passwd foo doesn't work if kerberos is used
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Fri, 9 Oct 2009 07:31:47 -0600
- Message-id: <bug-545724-21960@xxxxxxxxxxxxxxxxxxxxxxxx/>
http://bugzilla.novell.com/show_bug.cgi?id=545724
Summary: useradd foo; passwd foo doesn't work if kerberos is
used
Classification: openSUSE
Product: openSUSE 11.2
Version: Milestone 8
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: mc@xxxxxxxxxx
ReportedBy: mmarek@xxxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
On a system with ldap and kerberos, pam-config sets the following in
/etc/pam.d/common-password-pc:
password requisite pam_pwcheck.so nullok cracklib
password [default=ignore success=1] pam_succeed_if.so uid >
999 quiet
password sufficient pam_unix2.so use_authtok nullok
password sufficient pam_krb5.so
password required pam_ldap.so try_first_pass use_authtok
The line with pam_succeed_if skips the pam_unix2 module for users with uid >
999. However, /etc/login.defs has
UID_MIN 1000
so local users created with useradd will by default have a uid > 999:
# useradd foo; passwd foo
Changing password for foo.
Kerberos 5 Password:
passwd: User not known to the underlying authentication module
# id foo
uid=11065(foo) gid=100(users) groups=100(users),33(video)
The log message in the pam-config repository was
r151 | mcalmer | 2008-08-29 12:27:36 +0200 (Pá, 29 srp 2008) | 14 lines
* release version 0.59
* src/mod_pam_unix2.c: skip password change for uid > 999
in case of krb5 is used.
..
what was the reason for this change? What's the correct way of creating local
users with useradd now?
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Summary: useradd foo; passwd foo doesn't work if kerberos is
used
Classification: openSUSE
Product: openSUSE 11.2
Version: Milestone 8
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: mc@xxxxxxxxxx
ReportedBy: mmarek@xxxxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---
On a system with ldap and kerberos, pam-config sets the following in
/etc/pam.d/common-password-pc:
password requisite pam_pwcheck.so nullok cracklib
password [default=ignore success=1] pam_succeed_if.so uid >
999 quiet
password sufficient pam_unix2.so use_authtok nullok
password sufficient pam_krb5.so
password required pam_ldap.so try_first_pass use_authtok
The line with pam_succeed_if skips the pam_unix2 module for users with uid >
999. However, /etc/login.defs has
UID_MIN 1000
so local users created with useradd will by default have a uid > 999:
# useradd foo; passwd foo
Changing password for foo.
Kerberos 5 Password:
passwd: User not known to the underlying authentication module
# id foo
uid=11065(foo) gid=100(users) groups=100(users),33(video)
The log message in the pam-config repository was
r151 | mcalmer | 2008-08-29 12:27:36 +0200 (Pá, 29 srp 2008) | 14 lines
* release version 0.59
* src/mod_pam_unix2.c: skip password change for uid > 999
in case of krb5 is used.
..
what was the reason for this change? What's the correct way of creating local
users with useradd now?
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
| < Previous | Next > |