passwd and PAM

2002-04-26 Thread bsd


I realize this probably isn't a -current issue, but since I don't have any
experience with PAM I don't know for sure if it's just me or not.


My problem is that the passwd command isn't doing anything, at all.  I
have the stock pam setup (/etc/pam.d, /etc/pam.conf deleted after running
mergemaster).  Running adduser will add a user with a password in
master.passwd, but running passwd will not change the password, regardless
if a password exists or is null.

Also, if a user does have a password, with the stock setup not even root
can change it without providing the correct previous password.  This
wasn't intentional was it?

Chris



To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message



Re: passwd and PAM

2002-04-26 Thread bsd


Great thanks!

Chris

On 26 Apr 2002, Dag-Erling Smorgrav wrote:

> bsd [EMAIL PROTECTED] writes:
> > My problem is that the passwd command isn't doing anything, at all.
>
> Already fixed, cvsup and rebuild libpam.
>
> > Also, if a user does have a password, with the stock setup not even root
> > can change it without providing the correct previous password.  This
> > wasn't intentional was it?
>
> Yes and no.  There are some complications regarding NIS.  It's high on
> my list of things to fix.
>
> DES
> --
> Dag-Erling Smorgrav - [EMAIL PROTECTED]







Re: passwd and PAM

2002-04-26 Thread Dag-Erling Smorgrav

bsd [EMAIL PROTECTED] writes:
> Great thanks!

You're welcome.  The attached patch should fix the problem with passwd
asking root for the old password.

DES
-- 
Dag-Erling Smorgrav - [EMAIL PROTECTED]



 //depot/user/des/pam/lib/libpam/modules/pam_unix/pam_unix.c#14 - /usr/src/lib/libpam/modules/pam_unix/pam_unix.c 
--- /tmp/tmp.2741.0	Fri Apr 26 21:28:02 2002
+++ /usr/src/lib/libpam/modules/pam_unix/pam_unix.c	Fri Apr 26 21:24:35 2002
@@ -313,6 +313,11 @@
 
 		PAM_LOG(PRELIM round);
 
+		if (getuid() == 0 
+		(pwd-pw_fields  _PWF_SOURCE) == _PWF_FILES)
+			/* root doesn't need the old password */
+			return (pam_set_item(pamh, PAM_OLDAUTHTOK, ));
+
 		if (pwd-pw_passwd[0] == '\0'
 		 pam_test_option(options, PAM_OPT_NULLOK, NULL)) {
 			/*
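Review bot: The new early return in the PRELIM round is keyed on getuid() == 0, so it applies to every caller of this module whose real uid is 0, not only to root running passwd by hand. A service running as root that drives a password change on behalf of another local user would also skip the old-password prompt. Please state that assumption in the comment, or narrow the condition if only the passwd case is intended. The comment "root doesn't need the old password" should also say why the bypass is limited to entries whose source is _PWF_FILES, since that restriction is the security-relevant part of the check. Style: the body of the if is a comment plus a return on separate lines, so braces would make the extent of the branch unambiguous.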
@@ -338,7 +343,7 @@
 		PAM_LOG(UPDATE round);
 
 		retval = pam_get_authtok(pamh,
-		PAM_AUTHTOK, old_pass, NULL);
+		PAM_OLDAUTHTOK, old_pass, NULL);
 		if (retval != PAM_SUCCESS)
 			return (retval);
 		PAM_LOG(Got old password);
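Review bot: In the UPDATE round old_pass is now read from PAM_OLDAUTHTOK, which the first hunk sets to an empty value for root on local-file accounts. The code that follows "Got old password" is not part of this hunk, so please confirm that whatever compares old_pass against the stored hash is skipped for that case or accepts the empty value. Otherwise root gets past the PRELIM round and then fails here. Switching the item from PAM_AUTHTOK to PAM_OLDAUTHTOK also looks like a fix in its own right, independent of the root bypass, and deserves its own line in the commit message.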