Re: Changing password in Kerberos environment



Hi Yvan,

----- Original Message -----
Hi Ondrej,

Thanks for your informative answer.

So if I understand well, changing password with the GUI is not possible
for now.

It is only my non-expert thoughts and I don't blame accountsservice
developpers, but it is strange to me that it parses /etc/passwd and not
the result of the "getent passwd" command.

I'm not also expert on accountsservice, this was just my ideas, but it seems that they are really parsing 
/etc/passwd directly (src/daemon.c:entry_generator_fgetpwent) and set the account as locked if password isn't 
set or contains "!" (src/user.c:user_update_from_pwent). You can file the bug report for accountsservice, see:
http://freedesktop.org/wiki/Software/AccountsService/

Similarly, I can not understand why g-c-c is not just calling the
"passwd" command.

It is just calling the passwd, but it has to parse its output to interact and show results in gui. But there 
is a problem that different pam plugins show different output, see:

$ passwd
Changing password for user oholy.
Changing password for oholy.
(current) UNIX password: <WRONG_PASSWORD>
Current Password: <WRONG_PASSWORD>
Kerberos 5 Password: <WRONG_PASSWORD>
...

Regards

Ondrej


I still have many things to learn...

Regards,
Yvan

Le mardi 14 avril 2015 à 08:05 -0400, Ondrej Holy a écrit :
Hi Yvan,

I suspect you don't use "enterprise accounts" (using realmd), but you have
reconfigured pam and use something like pam_krb5.so instead of pam_unix.so.
So you don't have configured your unix password (if it is possible). I
pretend
accountsservice doesn't support such manual configuration, thus it returns
that the account is disabled, because /etc/passwd doesn't contain necessary
entries probably. However it still won't work in g-c-c if it would be fixed
in accountsservice, because there is parser for passwd which isn't also
work
with another pam plugins...

Recommended way is using enterprise accounts, but still g-c-c doesn't allow
you to change the password, because there isn't realmd api for it...

Regards

Ondrej

----- Original Message -----
Hi everybody,

I just noticed that I can't change my password using the Gnome Control
Center : next to "Password" it is written in gray "disabled account".

I am using Kerberos authentication (with my home on an AFS file system)
so I think is Kerberos related. My account is not disabled.

I got the attached log with "$ gnome-control-center user-accounts
--verbose", but it is not helpfull for me.

Would you have an idea where to look for ?

Thanks very much,
Yvan


_______________________________________________
gnomecc-list mailing list
gnomecc-list gnome org
https://mail.gnome.org/mailman/listinfo/gnomecc-list






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]