google / google-authenticator-libpam

Apache License 2.0

(Question) How to handle password change of user with pam_google_authenticator.so configuration #255

Closed raviteja-b closed 1 month ago

raviteja-b commented 1 month ago

I have updated the PAM configuration to include the google-authenticator configuration as suggested. I have set up a secret key, and TOTP authentication works for each user.

Here is the list of PAM files I have updated to configure pam_google_authenticator:

cat /etc/pam.d/common-password
password [success=ok default=die] pam_google_authenticator.so

cat /etc/pam.d/common-auth
auth required pam_google_authenticator.so forward_pass nullok

cat /etc/pam.d/common-account
account [success=ignore default=ignore] pam_google_authenticator.so

I keep getting an error when I try to change the password of any user on that system:

passwd
passwd: Module is unknown
passwd: password unchanged

passwd[487]: PAM unable to resolve symbol: pam_sm_chauthtok

Did I miss any PAM configuration? Why does the password change of a user fail? How do I handle the password change of a user with google-authenticator enabled as 2-factor auth?

ThomasHabets commented 1 month ago

As I told you in https://github.com/google/google-authenticator-libpam/issues/252, this is not implemented.

raviteja-b commented 1 month ago

> As I told you in #252, this is not implemented.

Changing passwords is a critical function on most systems, where the admin needs to change passwords as per password policy. This is a very important function breakage with google-authenticator enabled on the system.

Can you please consider this feature request?

ThomasHabets commented 1 month ago

As the error message says, it needs pam_sm_chauthtok to be implemented.

This issue was not filed as a feature request. Also, while I'd accept well-written PRs, filing a feature request likely won't make anybody actually do it.

raviteja-b commented 1 month ago

With the google-authenticator PAM configuration, I see this error trace:

PAM unable to resolve symbol: pam_sm_acct_mgmt

@ThomasHabets do you think pam_sm_acct_mgmt() needs to be implemented, similar to pam_sm_chauthtok?

ThomasHabets commented 1 month ago

Don't know. Sounds like it.
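
A lint for the misconfiguration discussed in this thread, as an added example that is not part of the original issue or the project's code: it parses pam.d lines and flags any module referenced under a management group whose `pam_sm_*` entry point the module does not export. The `EXPORTS` table and the `pam_unix.so` sample lines are constructed assumptions; the three `pam_google_authenticator.so` lines are the ones posted above.

```python
import re

# Entry point Linux-PAM looks up in a module for each management group.
REQUIRED = {
    "auth": "pam_sm_authenticate",
    "account": "pam_sm_acct_mgmt",
    "password": "pam_sm_chauthtok",
    "session": "pam_sm_open_session",
}

# Assumed export table (constructed). On a real host, build it from
# `nm -D --defined-only /path/to/module.so`. The google-authenticator entry
# reflects the thread: pam_sm_chauthtok and pam_sm_acct_mgmt do not resolve.
EXPORTS = {
    "pam_google_authenticator.so": {"pam_sm_authenticate", "pam_sm_setcred"},
    "pam_unix.so": set(REQUIRED.values()) | {"pam_sm_setcred", "pam_sm_close_session"},
}

# Constructed sample files: the lines posted in the issue plus pam_unix.so.
SAMPLE = {
    "common-password": "password [success=ok default=die] pam_google_authenticator.so\n"
                       "password required pam_unix.so  # constructed line\n",
    "common-auth": "auth required pam_google_authenticator.so forward_pass nullok\n",
    "common-account": "# constructed comment line\n"
                      "account [success=ignore default=ignore] pam_google_authenticator.so\n",
}

# type, control (plain keyword or bracketed [value=action ...]), module path
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def lint(name, text):
    """Return (file, line_no, module, missing_symbol) for each bad rule."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) not in REQUIRED:
            continue  # blank line, comment, @include or unknown type
        module = m.group(3).rsplit("/", 1)[-1]
        needed = REQUIRED[m.group(1)]
        exported = EXPORTS.get(module)
        if exported is not None and needed not in exported:
            findings.append((name, n, module, needed))
    return findings

def lint_all(files=SAMPLE):
    return [f for name, text in files.items() for f in lint(name, text)]

if __name__ == "__main__":
    for name, n, module, sym in lint_all():
        print(f"{name}:{n}: {module} does not export {sym}")
```

The two flagged lines correspond to the `pam_sm_chauthtok` and `pam_sm_acct_mgmt` errors in the logs above; the `auth` line passes.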