SSSD / sssd

Clone

a409fd6 pam_sss: password change with two factor authentication

1 file Authored by sbose 6 years ago, Committed by jhrozek 6 years ago,
raw patch tree parent
1 file changed. 188 lines added. 20 lines removed.
src/sss_client/pam_sss.c
file modified
+188 -20 
    pam_sss: password change with two factor authentication
    
    If two factor authentication is enforced both authentication factors are
    needed to update or change the long term password. This means that
    during the PAM chauthok operation it has to be determined if two factor
    authentication is enable for the user and the user must be prompted
    accordingly.
    
    Typically in the first step of the chauthok operation (PAM_PRELIM_CHECK)
    the current password is verified before asking the user for a new
    password. With two factor authentication this has to be skipped because
    the one-time factor would then be invalid to authenticate the actual
    password change.
    
    Related to https://pagure.io/SSSD/sssd/issue/3585
    
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
file modified
+188 -20
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.