DoublePasswordPromt
Special thanks
- Thanks go to genii from #ubuntu channel for helping me trackdown the issue.
The Probblem
- When you use sudo or when logging in, you get asked for your password two times (could be more), even though you enter the password correctly the first time.
Reason
- The reason for the problem is if you tried to install kerberos.
What happens
Here is a dump of my /etc/pam.d/common-auth
# /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # #auth required pam_unix.so nullok_secure auth sufficient pam_krb5.so ccache=/tmp/krb5cc_%u auth sufficient pam_unix.so likeauth nullok slavik auth required pam_deny.so
Of course, this causes problems.
What happens is the first time you enter your password, it tries to authenticate with kerberos using pam_krb5.so (LDAP, OpenDirectory, ActiveDirectory) and fails. Then the pam_unix.so module is called to try and authenticate you it gives you another password promt. This is the one that we want, since it checks password locally.
The fix
- The fix is very easy, simply make sure that the following line is the first uncommented line (except empty lines)
auth sufficient pam_unix.so likeauth nullok slavik
And here is my updated /etc/pam.d/common-auth
# /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # #auth required pam_unix.so nullok_secure auth sufficient pam_unix.so likeauth nullok slavik auth sufficient pam_krb5.so ccache=/tmp/krb5cc_%u auth required pam_deny.so
DoublePasswordPromt (last edited 2008-08-27 14:44:53 by inbound)