Steve Langasek <vor...@debian.org> writes: > On Mon, Sep 14, 2009 at 06:17:47PM -0700, Russ Allbery wrote:
>> I don't think pam_krb5 can the password prompting when it's going to >> ignore the password change since it should generally not prompt for the >> new password until it's authenticated the account, and for ignored >> accounts it has no way of doing that. > Hmm, I question this assumption - why /can't/ pam_krb5 do the password > prompting, set that token, and return PAM_IGNORE? > That was what I was coming to the conclusion was the logical way to fit > things together with pam-auth-update. Because the normal password change process is prompt for the old password, verify it, and then prompt for the new password. pam_krb5 can't do that middle step unless the account is a Kerberos account, so I don't see how it could get to the final step, which is where pam_unix is failing. Am I missing something? -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
