winbind pam-config: fix account section (!66) · Merge requests · Debian Samba Team / samba

Sascha Lucas requested to merge sascha/samba:pam_winbind_fix_account into master May 09, 2025

This fixes a bug[1], where the PAM "account" part will never be executed because the pam_unix usually return success due the presence of the nss-winbind library.

The bug reporter points to sssd, how the problem is solved there, by making the account section of type "Additional". This way pam_winbind is always executed and i.e. enforces users with expired passwords to change it before logging in.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907318

winbind pam-config: fix account section

Merge request reports