[Pkg-samba-maint] [Git][samba-team/samba][master] 2 commits: winbind pam-config: fix account section
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Fri Jul 11 10:00:20 BST 2025
Michael Tokarev pushed to branch master at Debian Samba Team / samba
Commits:
affb716b by Sascha Lucas at 2025-05-09T10:41:52+02:00
winbind pam-config: fix account section
This fixes a bug[1], where the PAM "account" part will never be executed
because the pam_unix usually return success due the presence of the
nss-winbind library.
The bug reporter points to sssd, how the problem is solved there, by
making the account section of type "Additional". This way pam_winbind is
always executed and i.e. enforces users with expired passwords to change
it before logging in.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907318
Signed-off-by: Sascha Lucas <sascha_lucas at web.de>
- - - - -
b725f36c by Michael Tokarev at 2025-07-11T12:00:18+03:00
Merge branch 'pam_winbind_fix_account' into 'master'
winbind pam-config: fix account section
See merge request samba-team/samba!66
- - - - -
1 changed file:
- debian/winbind.pam-config
Changes:
=====================================
debian/winbind.pam-config
=====================================
@@ -6,9 +6,10 @@ Auth:
[success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
Auth-Initial:
[success=end default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login
-Account-Type: Primary
+Account-Type: Additional
Account:
- [success=end new_authtok_reqd=done default=ignore] pam_winbind.so
+ sufficient pam_localuser.so
+ [default=bad success=ok user_unknown=ignore] pam_winbind.so
Password-Type: Primary
Password:
[success=end default=ignore] pam_winbind.so try_authtok try_first_pass
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/a88e34b1574d0af43fa61500bf6d735124522a0a...b725f36ca00cf81c7562a869ac9688d876f81553
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/a88e34b1574d0af43fa61500bf6d735124522a0a...b725f36ca00cf81c7562a869ac9688d876f81553
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20250711/f82932cd/attachment.htm>
More information about the Pkg-samba-maint
mailing list