-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/07/2010 09:39 PM, Sumit Bose wrote: > On Thu, May 06, 2010 at 03:05:09PM +0200, Jakub Hrozek wrote: > On 05/05/2010 04:13 PM, Jakub Hrozek wrote: >>>> Sumit, can you give me some more information on how to test this? >>>> >>>> From what I gathered, you should be asked for a password as many times >>>> as the retry= option for pam_sss says. What I'm seeing is that pam_sss >>>> does not ask again..just retries the same password > > After a debugging session off-list we found out that my issue was not > caused by error in the code but rather by the fact I was testing with > sshd with PasswordAuthentication - as Sumit pointed out out in this case > the user prompt and the pam conversation call is directly handled by > sshd. ChallengeResponseAuthentication must be used in order to get the > desired behaviour with retry= option. > > So, nack to the original patch - we need to document the above in the > pam_sss man page. > >> done > > > The code looks OK to me, just one nitpick while you are changing the > patch - can you fix the indent after the "flags &= > !FLAGS_USE_FIRST_PASS;" reset? Also I'm generally afraid of hardcoded > >> done > > constans like the "6" used in case of handling of the "retry=" > option..but in this case it is probably, we're unlikely to ever change > the option and it is confined to the eval_argv() function. > >> done > >> New version attached. > >> bye, >> Sumit >
Thank you, Ack -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkvkct4ACgkQHsardTLnvCVKEQCcDR6w++XUQBe5HNKOApmf8EUa 63QAoIJra/Tk5xYsENtLEvat7IB8yzdn =wyKt -----END PGP SIGNATURE----- _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
