On 05/05/2010 12:34 PM, Sumit Bose wrote:
> Hi,
> 
> this patch should fix #408 by adding an option named retry to pam_sss.
> 
> bye,
> Sumit
> 

Sumit, can you give me some more information on how to test this?

From what I gathered, you should be asked for a password as many times
as the retry= option for pam_sss says. What I'm seeing is that pam_sss
does not ask again, it just retries the same password. The logs show
something like this:

---
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0
tty=ssh ruser= rhost=localhost  user=sss_test
pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0
tty=ssh ruser= rhost=localhost user=sss_test
pam_sss(sshd:auth): received for user sss_test: 7 (Authentication failure)
pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0
tty=ssh ruser= rhost=localhost user=sss_test
pam_sss(sshd:auth): received for user sss_test: 7 (Authentication failure)
pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0
tty=ssh ruser= rhost=localhost user=sss_test
pam_sss(sshd:auth): received for user sss_test: 7 (Authentication failure)
pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0
tty=ssh ruser= rhost=localhost user=sss_test
pam_sss(sshd:auth): received for user sss_test: 7 (Authentication failure)
---

This is with retry=3, my full auth: PAM config looks like this:

---
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass retry=3
auth        required      pam_deny.so
---

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel