On 05/05/2010 04:13 PM, Jakub Hrozek wrote:
> Sumit, can you give me some more information on how to test this?
>
> From what I gathered, you should be asked for a password as many times
> as the retry= option for pam_sss says. What I'm seeing is that pam_sss
> does not ask again..just retries the same password

After a debugging session off-list we found out that my issue was not caused by an error in the code but rather by the fact I was testing with sshd with PasswordAuthentication - as Sumit pointed out, in this case the user prompt and the pam conversation call is directly handled by sshd. ChallengeResponseAuthentication must be used in order to get the desired behaviour with retry= option.

So, nack to the original patch - we need to document the above in the pam_sss man page.

The code looks OK to me, just one nitpick while you are changing the patch - can you fix the indent after the "flags &= !FLAGS_USE_FIRST_PASS;" reset?

Also I'm generally afraid of hardcoded constants like the "6" used in case of handling of the "retry=" option..but in this case it is probably, we're unlikely to ever change the option and it is confined to the eval_argv() function.

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
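
The remark above about the hardcoded "6" in the "retry=" handling, as an added example that is not part of the original message or of the SSSD sources: the prefix length is derived from the string literal and the numeric value is validated. The names OPT_RETRY, OPT_RETRY_LEN and parse_retry_arg are hypothetical, and the return-code convention is an assumption of this sketch.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names for this example; not taken from the SSSD sources. */
#define OPT_RETRY "retry="
#define OPT_RETRY_LEN (sizeof(OPT_RETRY) - 1) /* 6, computed by the compiler */

/*
 * Parse one PAM module argument.
 * Returns  1 and stores N in *retry for a well-formed "retry=N" (0..INT_MAX),
 *          0 if arg is some other option (left for the caller to handle),
 *         -1 if arg starts with "retry=" but the value is malformed.
 */
int parse_retry_arg(const char *arg, int *retry)
{
    const char *num;
    char *end = NULL;
    long val;

    /* The length follows the literal, so renaming the option cannot
     * leave a stale constant behind. */
    if (strncmp(arg, OPT_RETRY, OPT_RETRY_LEN) != 0) {
        return 0;
    }

    num = arg + OPT_RETRY_LEN;
    /* strtol() accepts leading whitespace and a sign; reject both, and
     * reject an empty value, by requiring a leading digit. */
    if (*num < '0' || *num > '9') {
        return -1;
    }

    errno = 0;
    val = strtol(num, &end, 10);
    /* Trailing garbage ("retry=3x") and out-of-range values are errors. */
    if (errno != 0 || *end != '\0' || val > INT_MAX) {
        return -1;
    }

    *retry = (int)val;
    return 1;
}
```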