On 05/07/2010 03:39 PM, Sumit Bose wrote: > On Thu, May 06, 2010 at 03:05:09PM +0200, Jakub Hrozek wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 05/05/2010 04:13 PM, Jakub Hrozek wrote: >>> Sumit, can you give me some more information on how to test this? >>> >>> From what I gathered, you should be asked for a password as many times >>> as the retry= option for pam_sss says. What I'm seeing is that pam_sss >>> does not ask again..just retries the same password >> >> After a debugging session off-list we found out that my issue was not >> caused by error in the code but rather by the fact I was testing with >> sshd with PasswordAuthentication - as Sumit pointed out out in this case >> the user prompt and the pam conversation call is directly handled by >> sshd. ChallengeResponseAuthentication must be used in order to get the >> desired behaviour with retry= option. >> >> So, nack to the original patch - we need to document the above in the >> pam_sss man page. > > done > >> >> The code looks OK to me, just one nitpick while you are changing the >> patch - can you fix the indent after the "flags&= >> !FLAGS_USE_FIRST_PASS;" reset? Also I'm generally afraid of hardcoded > > done > >> constans like the "6" used in case of handling of the "retry=" >> option..but in this case it is probably, we're unlikely to ever change >> the option and it is confined to the eval_argv() function. > > done > > New version attached. > > bye, > Sumit >
Ack. -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
