https://bugzilla.novell.com/show_bug.cgi?id=861009 https://bugzilla.novell.com/show_bug.cgi?id=861009#c0 Summary: pam_sss: Entering empty password yields "Authentication system failed" Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: joschibrauchle@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.65 Safari/537.36 On the same lines as bnc #779246 and from https://git.fedorahosted.org/cgit/sssd.git/commit/?id=383fa7e69136ce27031d7d... we see that pam_sss returns "PAM_CRED_UNAVAIL" if an empty password is given (KRB5_LIBOS_CANTREADPWD). For the user, this results in a "authentication system failed" message, rather than something telling him about an invalid password. My suggestion is to change the return code from "PAM_CRED_UNAVAIL" to "PAM_CRED_ERR", which is the simplest fix. Reproducible: Always Steps to Reproduce: 1. Enable SSSD with Kerberos 2. Enter empty password Actual Results: Authentication System failed Expected Results: Invalid Password -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.