[Pkg-xfce-devel] Bug#735670: Bug#735670: lightdm ask ldap administrator password when changing a password expired

Giulio Turetta giulio at sviluppoweb.eu
Mon Jan 27 18:41:46 UTC 2014


Hello,

On 24/01/2014 16:46, Yves-Alexis Perez wrote:
> That's why I think PAM people might have more clue than me…

I wrote to Steve Langasek (pam DM); I briefly described the problem and
asked for information.

Steve about the man page:
> Well, this information from the manpage authoritatively describes how the
> flag is meant to be used: if pam_chauthtok() is being called to request
> changing expired tokens, the flag is expected to be passed.

Steve about the missing flag in lightdm:
> However, lightdm definitely should be passing PAM_CHANGE_EXPIRED_AUTHTOK
> whenever it calls pam_chauthtok(), because lightdm doesn't have any
> interface for letting the user /request/ a change of their password.

About pam_unix - which is more important because it's the default pam
module - to be sure that I didn't mess up anything, I tried with a
clean Wheezy installation.
I confirm that, due to the missing flag in lightdm, anyone can change
his expired password through lightdm, bypassing the password policies (like
root does).

Regards

G.
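
The call sequence discussed in this message, as an added example that is not part of the original e-mail and is not lightdm's code. It assumes a hypothetical `pam_ops` indirection and stub functions so the flow runs without libpam; in a real greeter the two pointers are `pam_acct_mgmt()` and `pam_chauthtok()`.

```c
#include <stdio.h>

/* Values as Linux-PAM defines them in <security/_pam_types.h>; a real
 * greeter takes them from <security/pam_appl.h> instead. */
#define PAM_SUCCESS                 0
#define PAM_NEW_AUTHTOK_REQD        12
#define PAM_CHANGE_EXPIRED_AUTHTOK  0x0020U

/* Hypothetical indirection (assumption of this example) standing in for
 * pam_acct_mgmt() and pam_chauthtok(). */
struct pam_ops {
    int (*acct_mgmt)(void *pamh, int flags);
    int (*chauthtok)(void *pamh, int flags);
};

/* Account phase of a login program that offers no "change my password"
 * action. Returns PAM_SUCCESS only if the session may be opened. */
int greeter_account_phase(const struct pam_ops *ops, void *pamh)
{
    int rc = ops->acct_mgmt(pamh, 0);
    if (rc == PAM_NEW_AUTHTOK_REQD) {
        /* The change is forced by expiry, so the flag must say so. Per the
         * thread, omitting it lets the change bypass password policy. */
        rc = ops->chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
    }
    return rc; /* any failure, including a refused change, denies login */
}

/* Constructed stubs that play the PAM stack and record the flags seen. */
static int seen_flags = -1;
static int stub_expired(void *h, int f) { (void)h; (void)f; return PAM_NEW_AUTHTOK_REQD; }
static int stub_valid(void *h, int f)   { (void)h; (void)f; return PAM_SUCCESS; }
static int stub_change(void *h, int f)  { (void)h; seen_flags = f; return PAM_SUCCESS; }

/* Flags handed to the chauthtok stub, or -1 if it was never called. */
int flags_used_for(int expired)
{
    struct pam_ops ops = { expired ? stub_expired : stub_valid, stub_change };
    seen_flags = -1;
    greeter_account_phase(&ops, NULL);
    return seen_flags;
}

int main(void)
{
    printf("expired account: flags=0x%x\n", (unsigned)flags_used_for(1));
    printf("valid account: chauthtok called=%d\n", flags_used_for(0) != -1);
    return 0;
}
```
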
