pam_winbind está registrando senhas

3

Ocasionalmente, uma unidade do sistema usando um módulo pam que usa o pam_winbind registra uma senha de usuário.

Log da unidade do Systemd:

Mar 25 15:47:41 display-server node[5969]: pam_succeed_if(grooming:auth): requirement "user ingroup marketing department" not met by user "dispatch1"
Mar 25 15:47:41 display-server node[5969]: pam_succeed_if(grooming:auth): requirement "user ingroup dispatch users" was met by user "dispatch1"
Mar 25 15:47:41 display-server node[5969]: pam_winbind(grooming:auth): getting password (0x00004288)
Mar 25 15:47:41 display-server node[5969]: pam_winbind(grooming:auth): user 'dispatch1' granted access
Mar 25 15:47:41 display-server node[5969]: pam_winbind(grooming:auth): Received [<PASSWORD>] reply from application.

Módulo PAM:

#%PAM-1.0
auth      [success=3 default=ignore] pam_succeed_if.so user ingroup [marketing department]
auth      [success=2 default=ignore] pam_succeed_if.so user ingroup [dispatch users]
auth      [success=1 default=ignore] pam_succeed_if.so user ingroup [it department]
auth      requisite pam_deny.so

auth      [success=1 default=ignore] pam_localuser.so
auth      [success=2 default=die] pam_winbind.so
auth      [success=1 default=die] pam_unix.so nullok
auth      requisite pam_deny.so
auth      optional  pam_permit.so
auth      required  pam_env.so

account   required  pam_unix.so
account   [success=1 default=ignore] pam_localuser.so
account   required  pam_winbind.so
account   optional  pam_permit.so
account   required  pam_time.so

password  [success=1 default=ignore] pam_localuser.so
password  [success=2 default=die] pam_winbind.so
password  [success=1 default=die] pam_unix.so sha512 shadow
password  requisite pam_deny.so
password  optional  pam_permit.so

session   required  pam_limits.so
session   required  pam_mkhomedir.so skel=/etc/skel/ umask=0022
session   required  pam_unix.so
session   [success=1 default=ignore] pam_localuser.so
session   required  pam_winbind.so
session   optional  pam_permit.so

Isso é um problema com meu módulo pam, um problema com o pam_winbind ou algo que eu deveria corrigir adicionando silent = yes a pam_winbind.conf ?

    
por gnarly-line 30.03.2017 / 00:34

0 respostas