Stephan Krempel <[EMAIL PROTECTED]> writes:

> Package: libpam-krb5
> Version: 3.8-1
> Severity: normal
> Tags: patch

> Hi,

> I use a configuration like this:

> /etc/pam.d/common-password:
> ---
> password requires pam_cracklib.so
> password requires pam_krb5 use_authtok
> ---

> This works great, if cracklib loves the given new password. But in the
> case it doesn't, krb5 is asking again for a new password and accepts
> everything. In short: the use_authtok option is not handled correctly.

> Manpage says 'Never prompt the user for a password under any
> circumstances'

> I have found the reason in function get_new_password(). It seems that
> pam_krb5 assumes pam_get_item() to return a value different from
> PAM_SUCCESS if no new password is set on the stack before. But
> pam_get_item() will always return PAM_SUCCESS, so I think we have to
> check if the password is NULL instead.

Indeed. Thank you, this is the correct fix. This will be in the next
release.

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
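The check discussed in this thread, as an added example that is not part of the original messages and is not pam_krb5 source. It assumes a simplified control flow: `model_get_item`, `struct pam_stack`, the `enum action` values and both `new_password_*` functions are hypothetical stand-ins built so the block runs without libpam, and failing without a prompt is the assumed outcome when `use_authtok` finds no password.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in return code and item store, constructed for this example. */
enum { ITEM_OK = 0 };
enum action { USE_STACKED, PROMPT_USER, FAIL_NO_PROMPT };
struct pam_stack { const char *new_authtok; };  /* NULL: nothing was stored */

/* Mimics the behaviour described in the report: the call succeeds even when
 * no new password was stored, and the returned item is then NULL. */
int model_get_item(const struct pam_stack *s, const char **item)
{
    *item = s->new_authtok;
    return ITEM_OK;
}

/* Before: only the return code is checked, so an unset item falls through
 * to the prompt although use_authtok was given. */
enum action new_password_before(const struct pam_stack *s, int use_authtok)
{
    const char *pass = NULL;
    if (use_authtok && model_get_item(s, &pass) != ITEM_OK)
        return FAIL_NO_PROMPT;
    return pass != NULL ? USE_STACKED : PROMPT_USER;
}

/* After: a NULL item counts as "no password on the stack" and, with
 * use_authtok, ends the attempt without prompting. */
enum action new_password_after(const struct pam_stack *s, int use_authtok)
{
    const char *pass = NULL;
    if (use_authtok && (model_get_item(s, &pass) != ITEM_OK || pass == NULL))
        return FAIL_NO_PROMPT;
    return pass != NULL ? USE_STACKED : PROMPT_USER;
}

int main(void)
{
    struct pam_stack rejected = { NULL };  /* cracklib refused the password */
    struct pam_stack accepted = { "constructed-sample" };
    printf("before, rejected: %d\n", new_password_before(&rejected, 1));
    printf("after,  rejected: %d\n", new_password_after(&rejected, 1));
    printf("after,  accepted: %d\n", new_password_after(&accepted, 1));
    return 0;
}
```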