Bug 8691 - pam_winbind will not allow gdm login if password about to expire
pam_winbind will not allow gdm login if password about to expire
Status: NEW
Product: Samba 3.5
Classification: Unclassified
Component: Winbind
x64 Linux
: P5 major
: ---
Assigned To: Michael Adam
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2012-01-05 19:32 UTC by Joe
Modified: 2012-01-05 19:32 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Joe 2012-01-05 19:32:46 UTC
When logging in to RHEL6 workstations, with an AD password that is about to expire, gdm will fail to login and redirect you back to the login screen. SSH and "login" will display "erroneous converstation (5)" when logging in with the same account, but will proceed to the shell.

pam_winbind uses the PAM_RADIO_TYPE message type to display a password change/expiration message in gdm. However, PAM 1.1.1-1.1.5 does not appear to completely implement this message type, or there is a problem with how pam_winbind implements it.

For now, I have disabled this message type before compilation of pam_winbind, and it seems to have worked around the problem. However, I cannot change my password from a gdm or ssh login when this is done.

I have done this by commenting out the following line in config.h