bin/71290: [PATCH] passwd cannot change passwords other than
NIS/local (e.g. via pam_ldap)
Pawel Wieleba
wielebap at iem.pw.edu.pl
Thu Sep 2 08:00:42 PDT 2004
>Number: 71290
>Category: bin
>Synopsis: [PATCH] passwd cannot change passwords other than NIS/local (e.g. via pam_ldap)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 02 15:00:37 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Pawel Wieleba
>Release: FreeBSD 5.2.1
>Organization:
>Environment:
FreeBSD server 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0:
>Description:
Initially this problem was announced in PR#71202. I was asked by marcus to divde this PR and so I'm doing.
This problem (and two others) is described in the article:
http://www.iem.pw.edu.pl/~wielebap/ldap/pam_ldap/pam_ldap_doc.pdf
You can also check PR #71287(pam_ldap).
Description
I cannot change passwords LDAP users passwords via pam_ldap. Why it is prohibited??? Are there any security problems???
Please let me know,
CU
Pawel Wieleba
Example config:
% cat /etc/pam.d/passwd
password sufficient pam_unix.so no_warn try_first_pass nullok
password sufficient pam_ldap.so use_first_pass
>How-To-Repeat:
>Fix:
You have to change and recompile /usr/src/usr.bin/passwd to enable changing pam_ldap passwords (I use this patch).
A patch:
%diff -u passwd.c.orig passwd.c
--- /usr/src/usr.bin/passwd/passwd.c.orig Mon May 24 19:41:40 2004
+++ /usr/src/usr.bin/passwd/passwd.c Tue Aug 31 18:03:00 2004
@@ -121,8 +121,7 @@
break;
default:
/* XXX: Green men ought to be supported via PAM. */
- errx(1,
- "Sorry, `passwd' can only change passwords for local or NIS users.");
+ fprintf(stderr, "Now you can change LDAP passwordi via PAM\n");
}
#define pam_check(func) do { \
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list