Changing a password using PAM as root.
Jeremy Allison
jeremy at valinux.com
Tue May 1 23:40:20 GMT 2001
Jeremy Allison wrote:
>
> I'm trying to fix up the "unix password sync" code in Samba
> 2.2.1, which uses PAM to change the UNIX password once it is
> verified the user knew the old SMB password.
>
> smbd is running as root, but I consistently get the message :
>
> PAM: unable to obtain the old authentication token - was the old password
> wrong?.
>
> as pam is returning PAM_AUTHTOK_RECOVER_ERR to me from
> the pam_chauthtok() call.
>
> smbd doesn't know the plaintext of the old password, but is
> running as root so shouldn't need to. Can anyone point me
> to some docs to learn the magic to make linux pam allow a
> password change as root without the old password (and yes
> I'm perusing the pam source code, haven't found it yet, which
> is why I'm asking here :-).
Ok - I've done more work on this - it looks like a particular
pam module issue. If I use pam_unix.so in the password line
of my /etc/pam.d/samba file then the password change works.
If I use the (default I think on RedHat 6.2) of pam_pwdb.so
then it fails.
Is this just a bug in that pam module ?
Regards,
Jeremy Allison,
Samba Team.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
More information about the samba-technical
mailing list