Package: libpam-modules Version: 0.99.7.1-5 The passwd target of the module pam_unix fails to update passwords on NIS, even when the argument "nis" is given.
(something like password required pam_unix.so nis nullok obscure min=4 md5 in /etc/pam.d/common-passwd) The command passwd fails just after the old password is entered : $ passwd Changing password for quentin. (current) UNIX password: passwd: Authentication service cannot retrieve authentication info passwd: password unchanged $ The problem lies within the function pam_unix_passwd.c:_unix_verify_shadow, which calls _unix_getpwnam with bad arguments. This call was added with Debian patch 026_pam_unix_passwd_unknown_user. I suggest the following patch be applied (it has to be applied on the patched tree, but maybe it was not the good way to do) It also corrects another call to _unix_getpwnam, where a nis call is tried even when nis is not given in the command line. It was tried on NIS with shadow support and also on a machine without nis and without the nis switch on the module command. --- Signed-off-by: Quentin Godfroy <[EMAIL PROTECTED]> diff -ruNp pam-0.99.7.1/Linux-PAM/modules/pam_unix/pam_unix_passwd.c pam-0.99.7.1-patch/Linux-PAM/modules/pam_unix/pam_unix_passwd.c --- pam-0.99.7.1/Linux-PAM/modules/pam_unix/pam_unix_passwd.c 2008-03-05 20:30:37.000000000 +0100 +++ pam-0.99.7.1-patch/Linux-PAM/modules/pam_unix/pam_unix_passwd.c 2008-03-05 21:30:56.000000000 +0100 @@ -879,7 +879,7 @@ static int _unix_verify_shadow(pam_handl int retval = PAM_SUCCESS; /* UNIX passwords area */ - _unix_getpwnam(pamh, user, 1, 0, &pwd); /* Get password *file* entry... */ + _unix_getpwnam(pamh, user, 1, on(UNIX_NIS, ctrl), &pwd); /* Get password entry... */ if (pwd == NULL) return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */ @@ -1073,7 +1073,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand return PAM_USER_UNKNOWN; } else { struct passwd *pwd; - _unix_getpwnam(pamh, user, 1, 1, &pwd); + _unix_getpwnam(pamh, user, 1, on(UNIX_NIS, ctrl), &pwd); if (pwd == NULL) { pam_syslog(pamh, LOG_DEBUG, "user \"%s\" has corrupted passwd entry", @@ -1155,7 +1151,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand pam_syslog(pamh, LOG_CRIT, "failed to set PAM_OLDAUTHTOK"); } - retval = _unix_verify_shadow(pamh,user, ctrl); + retval = _unix_verify_shadow(pamh, user, ctrl); if (retval == PAM_AUTHTOK_ERR) { if (off(UNIX__IAMROOT, ctrl)) _make_remark(pamh, ctrl, PAM_ERROR_MSG, -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]