** Description changed: + [Impact] + password changes don't currently work unless pam_cracklib is installed, or the use_authtok is dropped from the libpam-sss pam-auth-update file. + + [Test case] + install sssd & libpam-sss on an LDAP client, then try to change the password of a networked user. + + [Regression potential] + This bug has basically forced users to modify the (package owned) file on their own, but the new version should still work in all cases. + + -- + The priority of the libpam-sss pam-auth-update config file needs to be lower than for pam_unix, so that local users always work, despite the state of the sssd daemon. This causes a problem with the password stack, where pam_sss needs to be above pam_unix, so that if pam_cracklib is installed password changes still work. Otherwise it would be broken in one of the cases, depending on if use_authtok is set or not. The fix for this is to split the password stack from pam_sss config separate from the rest, and use a higher priority there. This is fixed in raring, needs an SRU to precise and quantal.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1086272 Title: libpam-sss.pam-auth-update needs to be split to properly support password changes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1086272/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
