On Wed, Jul 8, 2009 at 11:05 AM, Linux Addict <linuxaddi...@gmail.com>wrote:
> Hello there, I am having weird issue. The problem is when a wrong password > entered when I login or use sudo as AD user, the system uses the same wrong > password next three times and exits , and does not prompt for password > again. > > This is not the case when winbind is not used. I suspect this is something > to do with PAM for winbind. Please somene look at my PAM config and let me > know if there is anything worng. Any hint is appreciated. > > > auth required pam_env.so > auth sufficient pam_unix.so nullok try_first_pass > auth requisite pam_succeed_if.so uid >= 500 quiet > auth sufficient pam_winbind.so cached_login use_first_pass > auth required pam_deny.so > > > account required pam_access.so > account required pam_unix.so broken_shadow > account sufficient pam_localuser.so > account sufficient pam_succeed_if.so uid < 500 quiet > account [default=bad success=ok user_unknown=ignore] pam_winbind.so > cached_login > account required pam_permit.so > > > password requisite pam_cracklib.so try_first_pass retry=3 > password sufficient pam_unix.so sha512 shadow nullok try_first_pass > use_authtok > password sufficient pam_winbind.so cached_login use_authtok > password required pam_deny.so > > > session optional pam_mkhomedir.so skel=/etc/skel/ > session required pam_limits.so > session required pam_unix.so > When I enable winbind to debug, I see the following messages on syslog. pam_winbind(sshd): PAM_REINITIALIZE_CRED not implemented -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba