Kerberos expired passwords
Digant C Kasundra
digant at uta.edu
Thu Dec 23 17:14:43 UTC 2004
> Having failed at this, I want to get it where when the password is
> expired, the system will simply respond "Your password is expired" and
> then close the session. I found a way that almost works. Using the
> following setup, the system will tell me that the password is expired,
> ask me to REENTER my current password, and THEN close the session. I
> would like it to drop my session before asking for me to reenter the
> password:
>
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass
> debug
> auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so
> account [default=bad success=ok user_unknown=ignore
> service_err=ignore system_err=ignore] /lib/security/$ISA/pam_krb5.so
> debug
>
> password required /lib/security/$ISA/pam_cracklib.so retry=3
> type=
> password sufficient /lib/security/$ISA/pam_unix.so nullok
> use_authtok md5 shadow
> password [default=bad success=ok new_authtok_reqd=ok]
> /lib/security/$ISA/pam_krb5.so use_authtok debug
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_mkhomedir.so
> skel=/etc/skel/ umask=0076
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_unix.so
> session optional /lib/security/$ISA/pam_krb5.so debug
>
>
> What do you guys think?
>
Okay, I figure this out by removing the pam_krb5 module from the
password stack.
More information about the Pam-list
mailing list