Re: Changing password in Kerberos environment
- From: Ondrej Holy <oholy redhat com>
- To: Yvan Masson <yvan masson univ-savoie fr>
- Cc: gnomecc-list gnome org
- Subject: Re: Changing password in Kerberos environment
- Date: Wed, 15 Apr 2015 02:39:46 -0400 (EDT)
Hi Yvan,
----- Original Message -----
Hi Ondrej,
Thanks for your informative answer.
So if I understand well, changing password with the GUI is not possible
for now.
It is only my non-expert thoughts and I don't blame accountsservice
developpers, but it is strange to me that it parses /etc/passwd and not
the result of the "getent passwd" command.
I'm not also expert on accountsservice, this was just my ideas, but it seems that they are really parsing
/etc/passwd directly (src/daemon.c:entry_generator_fgetpwent) and set the account as locked if password isn't
set or contains "!" (src/user.c:user_update_from_pwent). You can file the bug report for accountsservice, see:
http://freedesktop.org/wiki/Software/AccountsService/
Similarly, I can not understand why g-c-c is not just calling the
"passwd" command.
It is just calling the passwd, but it has to parse its output to interact and show results in gui. But there
is a problem that different pam plugins show different output, see:
$ passwd
Changing password for user oholy.
Changing password for oholy.
(current) UNIX password: <WRONG_PASSWORD>
Current Password: <WRONG_PASSWORD>
Kerberos 5 Password: <WRONG_PASSWORD>
...
Regards
Ondrej
I still have many things to learn...
Regards,
Yvan
Le mardi 14 avril 2015 à 08:05 -0400, Ondrej Holy a écrit :
Hi Yvan,
I suspect you don't use "enterprise accounts" (using realmd), but you have
reconfigured pam and use something like pam_krb5.so instead of pam_unix.so.
So you don't have configured your unix password (if it is possible). I
pretend
accountsservice doesn't support such manual configuration, thus it returns
that the account is disabled, because /etc/passwd doesn't contain necessary
entries probably. However it still won't work in g-c-c if it would be fixed
in accountsservice, because there is parser for passwd which isn't also
work
with another pam plugins...
Recommended way is using enterprise accounts, but still g-c-c doesn't allow
you to change the password, because there isn't realmd api for it...
Regards
Ondrej
----- Original Message -----
Hi everybody,
I just noticed that I can't change my password using the Gnome Control
Center : next to "Password" it is written in gray "disabled account".
I am using Kerberos authentication (with my home on an AFS file system)
so I think is Kerberos related. My account is not disabled.
I got the attached log with "$ gnome-control-center user-accounts
--verbose", but it is not helpfull for me.
Would you have an idea where to look for ?
Thanks very much,
Yvan
_______________________________________________
gnomecc-list mailing list
gnomecc-list gnome org
https://mail.gnome.org/mailman/listinfo/gnomecc-list
[
Date Prev][Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]