Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-0829: "Login password prompt" message configured through group policy is presented to local users while logging in via ssh

Authentication Service ,  

12 April,16 at 11:43 AM

Problem:

"Login password prompt" message configured through group policy is presented to local users while logging in via ssh


Cause:

 
This behavior is as a result of trying to avoid a double password prompt when the user enters the wrong password.


Resolution:

Please follow the below steps:
1) Edit /etc/centrifydc/centrifydc.conf and set the parameter:

adclient.autoedit.pam: false

2) In /etc/pam.conf : remove the words "get_first_pass" and "use_first_pass" from the file. i.e.,

a) If you have sshd lines in /etc/pam.conf:

Change:
sshd auth sufficient /.../libpam_centrifydc.so.1 get_first_pass
to
sshd auth sufficient /.../libpam_centrifydc.so.1

b) If you do not have sshd entries in /etc/pam.conf then

Change:
login     auth sufficient        libpam_centrifydc.1 get_first_pass
to
login     auth sufficient        libpam_centrifydc.1

c) Change OTHER line

Change:
OTHER     auth sufficient        libpam_centrifydc.1 get_first_pass
to
OTHER     auth sufficient        libpam_centrifydc.1

d) and also change
login auth required libpam_unix.so.1 use_first_pass
to
login auth required libpam_unix.so.1

3) Restart centrifydc : /sbin/init.d/centrifydc restart and also restart sshd

Note: You MUST remove all instances of use_first_pass when you remove the get_first_pass or you will be locked out of your system. Be very careful while editing /etc/pam.conf

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.