A second module in the PAM configuration is also requesting the password. Here is an example of a PAM configuration that prompts twice because both the smartcard module and the VAS module request the password:
/etc/pam.d/password-auth-ac
auth required pam_env.so
auth requisite pam_lsass.so smartcard_prompt try_first_pass
auth sufficient pam_vas3.so create_homedir get_nonvas_pass
auth requisite pam_vas3.so echo_return
auth sufficient pam_unix.so nullok try_first_pass use_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_lsass.so try_first_pass
auth required pam_deny.so
**Please note:** A mistake in the PAM configuration file can lock users out of the system completely.
Always back up the configuration files before performing any changes, and keep a session open so that any changes can be reverted.
Resolution:
Add the try_first_pass option to the first pam_vas3.so line in the auth stack:
auth required pam_env.so
auth requisite pam_lsass.so smartcard_prompt try_first_pass
auth sufficient pam_vas3.so create_homedir get_nonvas_pass try_first_pass
auth requisite pam_vas3.so echo_return
auth sufficient pam_unix.so nullok try_first_pass use_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_lsass.so try_first_pass
auth required pam_deny.so
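To check a stack for this condition before and after editing, the following added example (not One Identity's code) lists auth lines that will ask for the password again. The set of password-collecting modules and the treatment of echo_return as non-prompting are assumptions, the latter based on the resolution above leaving that line unchanged.

```python
import re

# Constructed sample: the "before" auth stack from the article.
BEFORE = """\
auth required pam_env.so
auth requisite pam_lsass.so smartcard_prompt try_first_pass
auth sufficient pam_vas3.so create_homedir get_nonvas_pass
auth requisite pam_vas3.so echo_return
auth sufficient pam_unix.so nullok try_first_pass use_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_lsass.so try_first_pass
auth required pam_deny.so
"""
# The article's fix: try_first_pass added to the first pam_vas3.so line.
AFTER = BEFORE.replace("get_nonvas_pass", "get_nonvas_pass try_first_pass")

# Assumptions for this example: which modules collect a password, which
# options reuse the stored one, and which options mean "no new prompt".
PASSWORD_MODULES = {"pam_lsass.so", "pam_vas3.so", "pam_unix.so"}
REUSE_OPTS = {"try_first_pass", "use_first_pass"}
NON_PROMPTING_OPTS = {"echo_return"}

# type, control (simple word or [bracketed] form), module path, options
LINE_RE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_auth_stack(text):
    """Yield (lineno, module, options) for each auth entry of a pam.d file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        match = LINE_RE.match(raw.split("#", 1)[0].strip())
        if not match or match.group(1) != "auth":
            continue  # blank, comment, or another management group
        module = match.group(3).rsplit("/", 1)[-1]  # drop any directory part
        yield lineno, module, set(match.group(4).split())

def reprompting_lines(text):
    """Return (lineno, module) for entries that would prompt a second time."""
    seen_collector, findings = False, []
    for lineno, module, opts in parse_auth_stack(text):
        if module not in PASSWORD_MODULES or opts & NON_PROMPTING_OPTS:
            continue
        if seen_collector and not opts & REUSE_OPTS:
            findings.append((lineno, module))
        seen_collector = True
    return findings

if __name__ == "__main__":
    for lineno, module in reprompting_lines(BEFORE):
        print(f"line {lineno}: {module} lacks try_first_pass/use_first_pass")
```
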