Bug 1949070
Summary: | 'try_first_pass' option no longer works on some PAM modules in RHEL8 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | kyoneyama <kyoneyam> |
Component: | authselect | Assignee: | Pavel Březina <pbrezina> |
Status: | CLOSED ERRATA | QA Contact: | Dan Lavu <dlavu> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 8.3 | CC: | dlavu, ipedrosa |
Target Milestone: | beta | Keywords: | Triaged |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | authselect-1.2.2-3.el8 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-11-09 19:59:51 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Comment 1
Pavel Březina
2021-04-21 11:35:36 UTC
Even though try_first_pass is mentioned in the pam_unix documentation I don't see any reference to it in the code apart from the arguments table in support.h. Unfortunately, I don't know if this is intentional and upstream is planning to retire or if it's an actual error. I've opened an issue upstream to track this part of the problem: https://github.com/linux-pam/linux-pam/issues/357 As for pam_pwquality, this module comes from another project. I've checked it and there isn't any reference in the documentation for the argument in Fedora 33. In any case, I'm adding Paul to the conversation so that he can comment. According to upstream pam_unix behaves as if 'try_first_pass' was always set and the documentation should be improved. So, I think that the reporter is right in that the argument can be removed for pam_unix. Moreover, I have created a task for pam to improve the documentation: https://bugzilla.redhat.com/show_bug.cgi?id=1952388 Upstream ticket: https://github.com/authselect/authselect/issues/247 Upstream PR: https://github.com/authselect/authselect/pull/248 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (authselect bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:4482 |