#2404 Remove password from the PAM stack if OTP is used
Closed: Fixed None Opened 7 years ago by jhrozek.

If the krb5_child returns that an OTP was used during authenication (see parse_krb5_child_response for more details) we should remove the authtok from the PAM stack to make user the password is not consumed further down the stack, in software like gnome-keyring.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.1

Mass-moving all tickets that didn't make 1.12.1 into 1.12.2

milestone: SSSD 1.12.1 => SSSD 1.12.2

We need a design page based on the e-mail conversation first.

mark: => 0
owner: somebody => lslebodn

We need to do a release as requested by downstream. Moving tickets that are not fixed already or very close to acking to 1.12.3

milestone: SSSD 1.12.2 => SSSD 1.12.3

This upstream ticket was requesting by a downstream. Bumping the priority to make sure the ticket is closed as soon as possible.

priority: major => critical

Fields changed

patch: 0 => 1

Fields changed

status: new => assigned

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to lslebodn
- Issue marked as blocked by: #2335
- Issue set to the milestone: SSSD 1.12.3

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3446

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.