#2404 Remove password from the PAM stack if OTP is used
Closed: Fixed None Opened 5 years ago by jhrozek.

If the krb5_child returns that an OTP was used during authenication (see parse_krb5_child_response for more details) we should remove the authtok from the PAM stack to make user the password is not consumed further down the stack, in software like gnome-keyring.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.1

Mass-moving all tickets that didn't make 1.12.1 into 1.12.2

milestone: SSSD 1.12.1 => SSSD 1.12.2

We need a design page based on the e-mail conversation first.

mark: => 0
owner: somebody => lslebodn

We need to do a release as requested by downstream. Moving tickets that are not fixed already or very close to acking to 1.12.3

milestone: SSSD 1.12.2 => SSSD 1.12.3

This upstream ticket was requesting by a downstream. Bumping the priority to make sure the ticket is closed as soon as possible.

priority: major => critical

Fields changed

patch: 0 => 1

Fields changed

status: new => assigned

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to lslebodn
- Issue marked as blocked by: #2335
- Issue set to the milestone: SSSD 1.12.3

2 years ago

Login to comment on this ticket.