[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam storing sessions with old passwords?



I did some further testing and it seems it's a PAM problem and not LDAP as it's different servers (with Fedora 4 and pam 0.79) that remember the old password for different users. We only have one LDAP server so if it was LDAP was caching the old password, it would be possible to log in with the old password on all servers but that's not the case.

Also we were able to test it further with one of our users. She changed password 4 days ago and was still able to login with both her old (1) and new (2) password. We changed the password again (3) and this time she was able to login with her (1) password and (3) password, but not (2). Again, we changed it (4) and this time same pattern - she was able to login with (1) and (4) but not (2) and (3). And again with (5) it was same pattern.

It seems like PAM stores a session of an old password that it "recognizes" and instead of checking the password with the LDAP server it just lets the user in. Even when the user gets a new password and logs in with it :(

--- Frank
http://www.noervig.dk


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]