Bug 836620

Summary: Don't use cached_login with pam_winbind for password stack
Product: [Fedora] Fedora Reporter: Stef Walter <stefw>
Component: authconfigAssignee: Tomas Mraz <tmraz>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: authconfig-6.2.3-1.fc18 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-15 12:02:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch which fixes the problem none

Description Stef Walter 2012-06-29 16:33:13 UTC
Created attachment 595337 [details]
Patch which fixes the problem

Description of problem:

authconfig adds 'cached_login' to the pam password stack. We shouldn't be using offline cached passwords when changing an AD password.

Version-Release number of selected component (if applicable):

Latest hg

How reproducible:

Every time.

Steps to Reproduce:
1. authconfig --updateall --enablewinbind --enablewinbindauth
  
Actual results:

  password    sufficient    pam_winbind.so cached_login use_auth_tok

Expected results:

  password    sufficient    pam_winbind.so use_auth_tok

Comment 1 Stef Walter 2012-08-15 14:47:57 UTC
Confirmed that this fixed with authconfig-6.2.3