Changing a password using PAM as root.

Steve Langasek vorlon at
Wed May 2 05:35:50 GMT 2001

Hi Jeremy,

On Tue, 1 May 2001, Jeremy Allison wrote:

> > as pam is returning PAM_AUTHTOK_RECOVER_ERR to me from
> > the pam_chauthtok() call.

> > smbd doesn't know the plaintext of the old password, but is
> > running as root so shouldn't need to. Can anyone point me
> > to some docs to learn the magic to make linux pam allow a
> > password change as root without the old password (and yes
> > I'm perusing the pam source code, haven't found it yet, which
> > is why I'm asking here :-).

> Ok - I've done more work on this - it looks like a particular
> pam module issue. If I use in the password line
> of my /etc/pam.d/samba file then the password change works.
> If I use the (default I think on RedHat 6.2) of
> then it fails.

> Is this just a bug in that pam module ?

This seems likely to be a bug either in the pam module itself, or in the
documentation which fails to outline the module's expectations. :)  Is Samba
running with uid=0,euid=0 when you invoke PAM?  There are so many ways for
PAM modules to misinterpret and mishandle the uid settings, and far too few of
them are limited to the theoretical.

Steve Langasek
postmodern programmer

More information about the samba-technical mailing list