Changing a password using PAM as root.

Jeremy Allison jeremy at
Tue May 1 23:40:20 GMT 2001

Jeremy Allison wrote:
> I'm trying to fix up the "unix password sync" code in Samba
> 2.2.1, which uses PAM to change the UNIX password once it is
> verified the user knew the old SMB password.
> smbd is running as root, but I consistently get the message :
> PAM: unable to obtain the old authentication token - was the old password
> wrong?.
> as pam is returning PAM_AUTHTOK_RECOVER_ERR to me from
> the pam_chauthtok() call.
> smbd doesn't know the plaintext of the old password, but is
> running as root so shouldn't need to. Can anyone point me
> to some docs to learn the magic to make linux pam allow a
> password change as root without the old password (and yes
> I'm perusing the pam source code, haven't found it yet, which
> is why I'm asking here :-).

Ok - I've done more work on this - it looks like a particular
pam module issue. If I use in the password line
of my /etc/pam.d/samba file then the password change works.
If I use the (default I think on RedHat 6.2) of
then it fails.

Is this just a bug in that pam module ?


	Jeremy Allison,
	Samba Team.

Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list