passwd and PAM
I realize this probably isn't a -current issue, but since I don't have any experience with PAM I don't know for sure if it's just me or not. My problem is that the passwd command isn't doing anything, at all. I have the stock pam setup (/etc/pam.d, /etc/pam.conf deleted after running mergemaster). Running adduser will add a user with a password in master.passwd, but running passwd will not change the password, regardless if a password exists or is null. Also, if a user does have a password, with the stock setup not even root can change it without providing the correct previous password. This wasn't intentional was it? Chris To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: passwd and PAM
Great thanks! Chris On 26 Apr 2002, Dag-Erling Smorgrav wrote: bsd [EMAIL PROTECTED] writes: My problem is that the passwd command isn't doing anything, at all. Already fixed, cvsup and rebuild libpam. Also, if a user does have a password, with the stock setup not even root can change it without providing the correct previous password. This wasn't intentional was it? Yes and no. There are some complications regarding NIS. It's high on my list of things to fix. DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: passwd and PAM
bsd [EMAIL PROTECTED] writes: Great thanks! You're welcome. The attached patch should fix the problem with passwd asking root for the old password. DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] //depot/user/des/pam/lib/libpam/modules/pam_unix/pam_unix.c#14 - /usr/src/lib/libpam/modules/pam_unix/pam_unix.c --- /tmp/tmp.2741.0 Fri Apr 26 21:28:02 2002 +++ /usr/src/lib/libpam/modules/pam_unix/pam_unix.c Fri Apr 26 21:24:35 2002 @@ -313,6 +313,11 @@ PAM_LOG(PRELIM round); + if (getuid() == 0 + (pwd-pw_fields _PWF_SOURCE) == _PWF_FILES) + /* root doesn't need the old password */ + return (pam_set_item(pamh, PAM_OLDAUTHTOK, )); + if (pwd-pw_passwd[0] == '\0' pam_test_option(options, PAM_OPT_NULLOK, NULL)) { /* @@ -338,7 +343,7 @@ PAM_LOG(UPDATE round); retval = pam_get_authtok(pamh, - PAM_AUTHTOK, old_pass, NULL); + PAM_OLDAUTHTOK, old_pass, NULL); if (retval != PAM_SUCCESS) return (retval); PAM_LOG(Got old password);