Age | Commit message (Collapse) | Author | Files | Lines |
|
- return PAM_AUTHTOK_ERR instead of PAM_SYSTEM_ERR if the password
change operation fails
- send a message to the user if the system is offline and the password
cannot be changed
|
|
|
|
|
|
|
|
To avoid unnecessary messages in the log files of the system we only
send log messages for PAM modules type which are explicitly handled by
sssd. Furthermore only the authentication modules sends a log message
when the operation was successful. All other modules only sends a
message if an error occurs.
This patch should fix bz556534.
|
|
|
|
|
|
uint32_t pointers must point to 32 bit aligned data on ARM. Instead of padding the data to force it into alignment I altered the code to memcpy the data to an aligned location. I'd appreciate any and all feedback especially on whether I took the best approach.
pam_test_client auth and pam_test_client acct now work on my armeb-xscale-linux-gnueabi target.
Signed-off-by: George McCollister <georgem@opteron.novatech-llc.com>
|
|
If pam_sm_chauthtok is called with the flag PAM_PRELIM_CHECK set we
generate a separate call to the sssd to validate the old password before
asking for a new password and sending the change password request.
|
|
|
|
- if the password is reset by root we do not ask for a password during
PAM_PRELIM_CHECK. But if there is one available during PAM_UPDATE_AUTHTOK
we will use it, because now we are in an expired password dialog.
|
|
|
|
|
|
|
|
|
|
|
|
- the client sends the PID as uint32_t and sssd will use uint32_t too
- fix a possible type issue where a uint32_t is sent as int32 in internal
dbus communication
|
|
Fixes: #138
|
|
|
|
- make pam_sss work with pam_cracklib and similar pam modules
- clean up the if-&&-else-|| jungle to make clear what is happening
|
|
|
|
|
|
OSes based on older versions of the PAM development libraries lack
the _pam_overwrite_n(n,x) macro. This patch copies the Fedora 11
pam-devel-1.0.91-6 implementation into an SSSD private header.
This affects RHEL5 and SUSE10.
|
|
|
|
|
|
Comment out unused function in pam_sss
Add missing configure.ac to common/ini
|
|
|
|
|
|
- if PAM_USER==root return PAM_USER_UNKNOWN
- pam_sss now can handle to following options:
- use_first_pass: forces the module to use a previous stacked modules
password and will never prompt the user
- use_authtok: when password changing enforce the module to set the new
password to the one provided by a previously stacked password module
- forward_pass: store the passwords collected by the module as pam items for
modules called later in the stack
|
|
|
|
|
|
Other pam modules which are called after pam_sss might want to
reuse the given password so that the user is not bothered with
multiple password prompt. When pam_sss is configured with the
option 'forward_pass' it will use pam_set_item to safe the
password for other pam modules.
|
|
|
|
|
|
Also bump up the version as this error prevented a successful build of 0.2.0
|
|
|
|
|
|
|
|
Also rename nss_client to sss_client and reuse the same
pipe protocol for both the NSS and PAM client libraries.
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|