Bug#862225: marked as done (pam_mount mounts using old password when a password change is forced on login)

Mon, 26 Jun 2017 22:09:28 -0700 

Your message dated Tue, 27 Jun 2017 05:04:04 +0000
with message-id <[email protected]>
and subject line Bug#862225: fixed in libpam-mount 2.16-3
has caused the Debian Bug report #862225,
regarding pam_mount mounts using old password when a password change is forced 
on login
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
862225: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862225
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libpam-mount

Version: 2.14-1.1



I have a setup where client computers run Debian Jessie and use:


- libpam-ldapd for authentication
- libpam-mount to mount a remote home directory through sshfs, using the login password entered by the user. The remote server uses the same ldap server for authentication. 


Normally works.
However if the user's password has expired, and he is forced to change it straight away on login, libpam-mount fails to mount the home directory.
It tries to login to the remote server with the old password, instead of the changed new one.
It seems the Debian package only adds libpam-mount to /etc/pam.d/common-auth (to capture the entererd password), and /etc/pam.d/common-session (where it uses the earlier captured password to do the actual mount).
However to be able to capture the new password on forced password changes on login, it should also be added to /etc/pam.d/common-password 


Adding the following line there seems to fix it for me:
password optional pam_mount.so disable_interactive 



--
Yours sincerely,

Floris Bos

--- End Message ---
--- Begin Message --- 
Source: libpam-mount
Source-Version: 2.16-3

We believe that the bug you reported is fixed in the latest version of
libpam-mount, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Sprickerhof <[email protected]> (supplier of updated libpam-mount 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 26 Jun 2017 23:56:52 +0200
Source: libpam-mount
Binary: libpam-mount
Architecture: source
Version: 2.16-3
Distribution: unstable
Urgency: medium
Maintainer: Jochen Sprickerhof <[email protected]>
Changed-By: Jochen Sprickerhof <[email protected]>
Description:
 libpam-mount - PAM module that can mount volumes for a user session
Closes: 856992 857244 862225
Changes:
 libpam-mount (2.16-3) unstable; urgency=medium
 .
   [ Jochen Sprickerhof ]
   * Remove ancient config changes (not even needed for old-stable)
   * Replace fd0ssh and ofl by new versions in hxtools
   * Add patch to fix doc target.
     Thanks to Felix Lechner (Closes: #856992)
   * Add patch for luserconf outside home.
     Thanks to Felix Lechner (Closes: #857244)
   * Bump standards version and remove autogen
   * Update NEWS file
   * Really enable hardening
 .
   [ Trent W. Buck ]
   * mount with NEW password after expired-password reset (Closes: #862225)
Checksums-Sha1:
 92ae8d659bb28e2d19d27ba2c73ebe6205212d3f 2075 libpam-mount_2.16-3.dsc
 00a1e589bc72178eef6f0dad7bda66f383ed0927 27664 
libpam-mount_2.16-3.debian.tar.xz
 a42865d34d5b8bf74e63b0b17069d8b8139f9637 5960 
libpam-mount_2.16-3_source.buildinfo
Checksums-Sha256:
 cdfee8cb7a8d2c0943998e3315a6b6d49bbc106870e60ed48e4df72e3bc6f1cf 2075 
libpam-mount_2.16-3.dsc
 692c5beea835e617249f9f789df57987f511815e2df88272a715468c5632afe8 27664 
libpam-mount_2.16-3.debian.tar.xz
 e8d8b25f8898931fa61408fd18ee439d1620f835fee50c539a0839894094fce1 5960 
libpam-mount_2.16-3_source.buildinfo
Files:
 d127eb12222e930cdc409464700ff0a6 2075 admin extra libpam-mount_2.16-3.dsc
 e16ed3ca6acb5128c2d727838d8d17a8 27664 admin extra 
libpam-mount_2.16-3.debian.tar.xz
 74c6b13cd8bafe1ba68c124a5c6f2b4a 5960 admin extra 
libpam-mount_2.16-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEc7KZy9TurdzAF+h6W//cwljmlDMFAllR4qsUHGpzcHJpY2tl
QGRlYmlhbi5vcmcACgkQW//cwljmlDMhDA/9GYUCa/n9ejgINiISj1dhw1Jm2cjg
Xi1U/zXQz51lxXraMVP1DJYkgVFZDTJRLdQfsHYx7+gR/9thKkerC4LA5CtAamGl
SmVik1FF0aZsCPDPJ2KrFgyg7vxole2fcTzaS2okO6BAutnwjB+eFBQKZM1TfeUV
VhFh2pXfstuj3LzU86CCXSSYnlbB/GuQHE1RWkOUgOY85jrbnmTy8kr6jSOQ0sPF
cEzXHsihBCMumR8h/zvf6t+TZ49VIxQlcB12LzyhI4nKDf8URcIQl7T7MJyDDCJK
SLWDWzrHxtKhS4ohLEm0o6keWVwtHRIpXSdaLzx7lTmx2hyZbbLAAFKWEQMdWmBK
IOVYJxyJEahUl4BV20WDCMIMLp4OmfZGzQO83q5ZJo9Z8Fqc40ZPcTSgF4C2f6m7
jFKtt2V9CEbgBa5T5jlPOIEoS7CpRtbnyuXwT4P0OsshXiL5YV7BolVd6SnQT9wf
R5M//Mab+lsHrAGZYsO8VANqaeuo8TwqiL5WhRgPmu0odTLXpxTTHIRTeP1G7DW/
OMg6NVwg2+ddFusR7Z3BS1azyhHb+ADkfpyZSy9ga/lI5tKZCj7y0SKhtl3AiBaV
z9gb6hghOfaiAhmQLO7WtnGDDYvUkx9HvHioPazIZQvO4KK2a1SKvBM1y9xKSqwk
3zwMshBUY+IrqzY=
=9Tun
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to