Replacing passwd?

[Dan Nelson]

In the last episode (Nov 21), Dan Nelson said:
> In the last episode (Nov 21), Wiktor Niesiobedzki said:
> > I was playing with it today and removing errx function allows passwd
> > to change the password, but the other problem I step on is: How to
> > properly configure /etc/pam.d/passwd
> > 
> > The configuration, which I have now is simply:
> > password        sufficient      /usr/local/lib/pam_ldap.so
> > password        sufficient      pam_unix.so             no_warn try_first_pass nullok
> 
> You probably don't need pam_unix in there at all, since there's no way
> it'll work (no local passwd entry).

I take that back; you do want it, so you can change root's password.
But you need to make it "required", not sufficient.  It's a quirk of
how pam works, I think, but the last entry cannot be marked
"sufficient".

-- 
	Dan Nelson
	dnelson at allantgroup.com