On Fri, Oct 31, 2008 at 09:57:31AM -0000, Soren Hansen wrote: > How about new_authtok_reqd=1 (i.e. skip the pam_deny entry)? In Hardy > pam_unix used to be "required", which translates into [success=ok > new_authtok_reqd=ok ignore=ignore default=bad], so success and > new_authtok_reqd had the same action back then, too.
No, that's definitely wrong. "new_authtok_reqd=1" would mean pam_unix would not contribute at all to the return code of the stack, it would instead jump to pam_permit and return PAM_SUCCESS. new_authtok_reqd=ok or new_authtok_reqd=die should have the desired effect. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [EMAIL PROTECTED] [EMAIL PROTECTED] -- passwd -e locks account https://bugs.launchpad.net/bugs/291091 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
