FreeBSD 7/OpenLDAP: Howto change passwords
James Harrison
jamesh at lanl.gov
Mon Nov 26 12:28:58 PST 2007
On Mon, 2007-11-26 at 21:23 +0200, Jonathan McKeown wrote:
> On Monday 26 November 2007 17:11, O. Hartmann wrote:
> > Hello,
> >
> > trying to change passwords on a client machine for a LDAP authenticated
> > user always fails due to the original passwd() command is not capable of
> > changing passwords remotely.
> > Their is a suggested patch, but is there an "official" way to do?
>
> Hi Oliver
>
> I've asked this question several times, here and on -hackers, with no very
> helpful response. I checked for PRs and several have been filed at various
> times and are in various different states.
>
> As far as I can tell, the changes necessary to make passwd(1) work with the
> PAM infrastructure were made some years ago, but were diked out by a switch
> statement which appears to prevent a change to anything but /etc/passwd or
> NIS/YP. This switch relies on a set of constants which are themselves
> commented in the source as being ``bogus''.
>
> The answer to our question may well be something like ``historical reasons''
> or ``Principle of Least Astonishment'', but please, someone...
>
> Is there a sound reason not to remove this guard statement and allow passwd(1)
> to change passwords in accordance with a PAM policy, as it is coded to do?
>
> I've already offered to submit a patch if necessary: it hardly even needs a
> knowledge of C to fix this one - simply remove a switch statement and replace
> it with a simple printf.
>
> Jonathan
> _______________________________________________
My advice would honestly be to write the patch and submit it.
More information about the freebsd-questions
mailing list