Package: libpam-modules
Version: 1.1.3-7.1
Severity: normal
File: /lib/x86_64-linux-gnu/security/pam_unix.so

Hi,

I'm using the nis option of pam_unix.so to allow NIS users to change
their password via passwd (which allows the use of sha512 hashes instead
of crypt hashes which is done by yppasswd).

/etc/pam.d/common-password contains:
password       [success=1 default=ignore]      pam_unix.so obscure sha512 nis

The following works:
* local users may change their local password
* NIS users may change their NIS password (with a sane hash)

But unfortunately the following no longer works:

# passwd
Changing password for root.
NIS server root password: [pressed return]
Enter new UNIX password:
Retype new UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged

# passwd -r files

does not change anything

# passwd louser
Changing password for louser.
NIS server root password: [pressed return]
Enter new UNIX password:
Retype new UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged

But the following works:

# passwd louser
Changing password for louser.
NIS server root password: [enter old password of local user louser]
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

The same works for root, too:

# passwd
Changing password for root.
NIS server root password: [enter old local root password]
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

That just does not work for changing the password of a local user if the
old password is not known to root, which requires temporarily editing
the pam configuration and disabling the nis option.


Andreas

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (700, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-modules:amd64 depends on:
ii  debconf [debconf-2.0]  1.5.46
ii  libc6                  2.13-35
ii  libdb5.1               5.1.29-5
ii  libpam-modules-bin     1.1.3-7.1
ii  libpam0g               1.1.3-7.1
ii  libselinux1            2.1.9-5

libpam-modules:amd64 recommends no packages.

libpam-modules:amd64 suggests no packages.

-- no debconf information
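
As an added example (not part of the original report and not PAM's own code), the following check parses a PAM configuration and reports every pam_unix.so password rule that carries the nis option, the setting the report ties to the "NIS server root password" prompt for local accounts. The sample configurations are constructed from the common-password line quoted in the report, and the function names are hypothetical.

```python
import re

# Constructed sample: the common-password line quoted in the report,
# followed by a constructed pam_deny.so rule so the filter has work to do.
SAMPLE_WITH_NIS = """\
# /etc/pam.d/common-password (constructed sample)
password  [success=1 default=ignore]  pam_unix.so obscure sha512 nis
password  requisite                   pam_deny.so
"""
# Same file with the nis option dropped (the workaround the report describes).
SAMPLE_WITHOUT_NIS = SAMPLE_WITH_NIS.replace(" sha512 nis", " sha512")

# Hash-selection options understood by pam_unix.so.
HASH_OPTS = {"md5", "bigcrypt", "sha256", "sha512", "blowfish"}

# type, control (a single word or a bracketed [value=action ...] list),
# module path, then the module's options.
LINE_RE = re.compile(
    r"^(?P<type>-?\w+)\s+(?P<control>\[[^\]]*\]|\S+)\s+(?P<module>\S+)\s*(?P<args>.*)$"
)

def parse_pam(text):
    """Return (type, control, module, options) for each rule line."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or line.startswith("@include"):
            continue
        m = LINE_RE.match(line)
        if m:
            rules.append((m["type"].lstrip("-"), m["control"],
                          m["module"], m["args"].split()))
    return rules

def audit_password_stack(text):
    """Report the nis flag and hash option of each pam_unix.so password rule."""
    findings = []
    for typ, control, module, opts in parse_pam(text):
        if typ != "password" or not module.endswith("pam_unix.so"):
            continue
        hashes = sorted(HASH_OPTS.intersection(opts))
        findings.append({"control": control,
                         "nis": "nis" in opts,
                         "hash": hashes[0] if hashes else "none set"})
    return findings

if __name__ == "__main__":
    for name, cfg in (("with nis", SAMPLE_WITH_NIS), ("without nis", SAMPLE_WITHOUT_NIS)):
        print(name, audit_password_stack(cfg))
```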

