bin/71290: [PATCH] passwd cannot change passwords other than NIS/local (e.g. via pam_ldap)

Christian Marg marg at
Mon Jul 24 16:50:41 UTC 2006

The following reply was made to PR bin/71290; it has been noted by GNATS.

From: Christian Marg <marg at>
To: bug-followup at,  wielebap at
Subject: Re: bin/71290: [PATCH] passwd cannot change passwords other than
 NIS/local (e.g. via pam_ldap)
Date: Mon, 24 Jul 2006 18:40:27 +0200

 This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
 Content-Type: multipart/mixed;
 This is a multi-part message in MIME format.
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: quoted-printable
 Since I also want to use pam_ldap to change Passwords in LDAP, I
 stumbled about this problem. And after looking into the sources I found
 this comment in <pwd.h>:
 /* XXX These flags are bogus.  With nsswitch, there are many
  * possible sources and they cannot be represented in a small integer.
 #define _PWF_SOURCE	0x3000
 #define _PWF_FILES	0x1000
 #define _PWF_NIS	0x2000
 #define _PWF_HESIOD	0x3000
 So, if the flags are Bogus, why are they tested in passwd.c?
 Just to select which string is printed. Yes, the test has no real purpose=
 Attached is my patch - just strip the select statement that is purely
 cosmetic but hinders people to use passwd.
 Maybe someone considers to commit the patch, so that this bug can be
 closed after a year... :|
 Christian Marg                    mail: mailto:marg at
 Rechenzentrum TU Clausthal        web :
 D-38678 Clausthal-Zellerfeld      fon : 05323/72-2043
 Germany                           ICQ : <on request>
 Content-Type: text/plain;
 Content-Transfer-Encoding: quoted-printable
 Content-Disposition: inline;
 diff -u passwd.c passwd.c.orig
 --- /usr/src/usr.bin/passwd/passwd.c.orig       Mon Jul 24 17:40:16 2006
 +++ /usr/src/usr.bin/passwd/passwd.c    Mon Jul 24 17:54:16 2006
 @@ -109,21 +109,7 @@
         if (uid !=3D 0 && uid !=3D pwd->pw_uid)
                 errx(1, "permission denied");
 -       /* check where the user's from */
 -       switch (pwd->pw_fields & _PWF_SOURCE) {
 -       case _PWF_FILES:
 -               fprintf(stderr, "Changing local password for %s\n",
 -                   pwd->pw_name);
 -               break;
 -       case _PWF_NIS:
 -               fprintf(stderr, "Changing NIS password for %s\n",
 -                   pwd->pw_name);
 -               break;
 -       default:
 -               /* XXX: Green men ought to be supported via PAM. */
 -               errx(1,
 -         "Sorry, `passwd' can only change passwords for local or NIS use=
 -       }
 +       fprintf(stderr, "Changing password for %s\n", pwd->pw_name);
  #define pam_check(func) do { \
         if (pam_err !=3D PAM_SUCCESS) { \
 Content-Type: application/pgp-signature; name="signature.asc"
 Content-Description: OpenPGP digital signature
 Content-Disposition: attachment; filename="signature.asc"
 Version: GnuPG v1.4.4 (MingW32)
 Comment: Using GnuPG with Mozilla -

More information about the freebsd-bugs mailing list