System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Pam Admin Changes user password. Pam does not send notification via email to user.

 
Anthony Walls
Occasional Advisor

Pam Admin Changes user password. Pam does not send notification via email to user.

When the admin changes a users password through the PAM interface the message an email has been sent to the user with new password appears. However the user never receives the email and a look at the sendmail logs shows that there was no attempt to send an email. Now everything else using email for notification is working so I don't have a problem with sendmail.

I admit ignorance of Pam. I'm running FDA Regulated boxes with Etrust access control 5.11
HP-UX B.11.11. If anyone knows of this problem or what to check for I would greatly appreciate it.
2 REPLIES
Bill Hassell
Honored Contributor

Re: Pam Admin Changes user password. Pam does not send notification via email to user.

I am running 11.11 with Access Control too...I don't remember anything in HP-UX or Etrust AC that would send email with a password. In fact, if I ever found such a feature, I would immediately disable it. A password in an email so obviously defeats the purpose of a password, it is simpler to tell everyone that there are no passwords.

Since you are running CA's Access Control, someone spent a lot of money to provide additional access and security controls. Any good auditor would write up a finding if such email is discovered.


Bill Hassell, sysadmin
Anthony Walls
Occasional Advisor

Re: Pam Admin Changes user password. Pam does not send notification via email to user.

I would agree with you if the case was not such that this is a FDA requirement. The Pluggable Authentication Module Pam Does send an email to the user. However in the last two days it has stopped doing it. What concerns me now is that people with Pam Admin rights can no longer change a users password since they are unable to see the passwords that the user has been changed to. Leaving it to the root user to do it and still send the new password through an email.