Ocasionalmente, uma unidade do sistema usando um módulo pam que usa o pam_winbind registra uma senha de usuário.
Log da unidade do Systemd:
Mar 25 15:47:41 display-server node[5969]: pam_succeed_if(grooming:auth): requirement "user ingroup marketing department" not met by user "dispatch1"
Mar 25 15:47:41 display-server node[5969]: pam_succeed_if(grooming:auth): requirement "user ingroup dispatch users" was met by user "dispatch1"
Mar 25 15:47:41 display-server node[5969]: pam_winbind(grooming:auth): getting password (0x00004288)
Mar 25 15:47:41 display-server node[5969]: pam_winbind(grooming:auth): user 'dispatch1' granted access
Mar 25 15:47:41 display-server node[5969]: pam_winbind(grooming:auth): Received [<PASSWORD>] reply from application.
Módulo PAM:
#%PAM-1.0
auth [success=3 default=ignore] pam_succeed_if.so user ingroup [marketing department]
auth [success=2 default=ignore] pam_succeed_if.so user ingroup [dispatch users]
auth [success=1 default=ignore] pam_succeed_if.so user ingroup [it department]
auth requisite pam_deny.so
auth [success=1 default=ignore] pam_localuser.so
auth [success=2 default=die] pam_winbind.so
auth [success=1 default=die] pam_unix.so nullok
auth requisite pam_deny.so
auth optional pam_permit.so
auth required pam_env.so
account required pam_unix.so
account [success=1 default=ignore] pam_localuser.so
account required pam_winbind.so
account optional pam_permit.so
account required pam_time.so
password [success=1 default=ignore] pam_localuser.so
password [success=2 default=die] pam_winbind.so
password [success=1 default=die] pam_unix.so sha512 shadow
password requisite pam_deny.so
password optional pam_permit.so
session required pam_limits.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_unix.so
session [success=1 default=ignore] pam_localuser.so
session required pam_winbind.so
session optional pam_permit.so
Isso é um problema com meu módulo pam, um problema com o pam_winbind ou algo que eu deveria corrigir adicionando silent = yes
a pam_winbind.conf
?