pam storing sessions with old passwords?

Thorsten Kukuk kukuk at suse.de
Fri Apr 11 06:42:18 UTC 2008


On Fri, Apr 11, Frank Nørvig wrote:

> Also we were able to test it further with one of our users. She changed 
> her password 4 days ago and was still able to log in with both her old (1) 
> and new (2) password. We changed the password again (3) and this time 
> she was able to log in with her (1) password and (3) password, but not 
> (2). Again, we changed it (4) and this time same pattern - she was able 
> to log in with (1) and (4) but not (2) and (3). And again with (5) it was 
> the same pattern.

So you are saying that she was able to log in at the same machine
with the new and old password? Or that she is able to log in on
some machines only with the old password and on others only
with the new one?

The first case is impossible.

For the second case, I would bet that these machines have a local
copy in /etc/passwd or /etc/shadow of these accounts with the old
password, and are not using the LDAP account. Or did you enable
some caching modules like pam_ccache on those machines?

  Thorsten

-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Markus Rex, HRB 16746 (AG Nuernberg)
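
One way to check a machine for the stale local copies suggested in the reply above, as an added example that is not part of the original message. The function names, file layout and all sample data are assumptions constructed for illustration; the directory export is assumed to be in passwd format.

```shell
#!/bin/sh
# Added example; all sample data below is constructed.

# shadowed_directory_accounts LOCAL_PASSWD LOCAL_SHADOW DIRECTORY_PASSWD
# Prints accounts present in the directory export that also exist locally
# with a usable password hash (not empty, not locked with "!" or "*").
shadowed_directory_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { dir[$1] = 1; next }                 # directory export
        FILENAME == ARGV[2] { if ($1 in dir) dup[$1] = 1; next }  # local passwd
        ($1 in dup) && $2 != "" && $2 !~ /^[!*]/ { print $1 }     # local shadow
    ' "$3" "$1" "$2"
}

# nss_sources NSSWITCH_FILE DATABASE
# Prints the lookup order configured for DATABASE, e.g. "files ldap".
nss_sources() {
    awk -v db="$2:" '$1 == db { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# write_sample_files DIR: constructed stand-ins for the real files.
write_sample_files() {
    cat > "$1/directory" <<'EOF'
alice:x:2001:2000:Alice:/home/alice:/bin/bash
bob:x:2002:2000:Bob:/home/bob:/bin/bash
carol:x:2003:2000:Carol:/home/carol:/bin/bash
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:2001:2000:Alice:/home/alice:/bin/bash
carol:x:2003:2000:Carol:/home/carol:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$AAAA:13980:0:99999:7:::
alice:$1$constructed$BBBB:13970:0:99999:7:::
carol:!:13970:0:99999:7:::
EOF
    printf 'passwd: files ldap\nshadow: files ldap\n' > "$1/nsswitch.conf"
}

tmp=$(mktemp -d)
write_sample_files "$tmp"
echo "local copies with a usable hash:"
shadowed_directory_accounts "$tmp/passwd" "$tmp/shadow" "$tmp/directory"
echo "passwd lookup order: $(nss_sources "$tmp/nsswitch.conf" passwd)"
rm -rf "$tmp"
```

On a real host the three inputs would be /etc/passwd, /etc/shadow (readable only by root) and a passwd-format export of the LDAP accounts. With "files" listed before "ldap", any account the first function reports has a local hash that is consulted before the directory.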



