After spending some hours trying to find the cause from my ldap configuration, I'm happy to tell you this problem still exists in Debian 7.8 with the default configuration (generated by pam-auth-update):

/etc/pam.d/common-password:
password        [success=2 default=ignore]      pam_unix.so obscure use_authtok try_first_pass sha512
password        [success=1 user_unknown=ignore default=die]     pam_ldap.so use_authtok try_first_pass


As mentioned earlier in this bug, installing libpam-cracklib removes the problem. So does removing use_authtok from the pam_ldap.so line in /etc/pam.d/common-password.

I don't see either solution mentioned in the docs, and libpam-ldap doesn't seem to depend on, recommend or suggest libpam-cracklib either.


I quickly tested what happens if cracklib is installed, but use_authtok is removed anyway, and didn't see any new problems appear. But perhaps someone who knows PAM better might comment on why use_authtok is needed/useful.


libldap-2.4-2:amd64      2.4.31-1+nmu2
libnss-ldap:amd64        264-2.5
libpam-ldap:amd64        184-8.6
libpam-cracklib:amd64    1.1.3-7.1


cheers,

--
Ilkka Virta - itvirta at iki.fi
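
An added example, not part of the original message or of any Debian package: a small Python lint that flags `password` stack entries carrying use_authtok when no earlier entry could have set the new token, based on the documented meaning of use_authtok (take the new password from a previously stacked module instead of prompting). As a simplification it ignores control-field jumps such as success=2 and assumes any earlier password module without use_authtok can set the token; the function names and the pam_cracklib sample line are constructed for illustration.

```python
import re

# Constructed samples: PAGE_STACK is the common-password content quoted in the
# message (wrapped lines rejoined); CRACKLIB_STACK prepends an assumed
# pam_cracklib entry in front of it.
PAGE_STACK = """\
password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
"""
CRACKLIB_STACK = "password requisite pam_cracklib.so retry=3 minlen=8 difok=3\n" + PAGE_STACK

# type, control (simple keyword or [bracketed list]), module, remaining args
LINE_RE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse_password_stack(text):
    """Return [(lineno, module, args)] for 'password' entries, in stack order."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("@"):  # skip blanks, comments, @include
            continue
        m = LINE_RE.match(line)
        if m and m.group(1).lower() == "password":
            entries.append((lineno, m.group(3), m.group(4).split()))
    return entries


def orphaned_use_authtok(text):
    """Flag use_authtok entries that have no earlier entry able to set the token."""
    findings = []
    prompter_seen = False
    for lineno, module, args in parse_password_stack(text):
        if "use_authtok" in args:
            if not prompter_seen:
                findings.append((lineno, module))
        else:
            # Assumption: a module without use_authtok may prompt and set the token.
            prompter_seen = True
    return findings


if __name__ == "__main__":
    for name, stack in (("quoted config", PAGE_STACK), ("with cracklib", CRACKLIB_STACK)):
        print(name, orphaned_use_authtok(stack))
```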

