On Wed, Jul 8, 2009 at 11:05 AM, Linux Addict
<linuxaddict7@gmail.com>wrote:
> Hello there, I am having weird issue. The problem is when a wrong password
> entered when I login or use sudo as AD user, the system uses the same wrong
> password next three times and exits , and does not prompt for password
> again.
>
> This is not the case when winbind is not used. I suspect this is something
> to do with PAM for winbind. Please somene look at my PAM config and let me
> know if there is anything worng. Any hint is appreciated.
>
>
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth sufficient pam_winbind.so cached_login use_first_pass
> auth required pam_deny.so
>
>
> account required pam_access.so
> account required pam_unix.so broken_shadow
> account sufficient pam_localuser.so
> account sufficient pam_succeed_if.so uid < 500 quiet
> account [default=bad success=ok user_unknown=ignore] pam_winbind.so
> cached_login
> account required pam_permit.so
>
>
> password requisite pam_cracklib.so try_first_pass retry=3
> password sufficient pam_unix.so sha512 shadow nullok try_first_pass
> use_authtok
> password sufficient pam_winbind.so cached_login use_authtok
> password required pam_deny.so
>
>
> session optional pam_mkhomedir.so skel=/etc/skel/
> session required pam_limits.so
> session required pam_unix.so
>
When I enable winbind to debug, I see the following messages on syslog.
pam_winbind(sshd): PAM_REINITIALIZE_CRED not implemented