passwd(1), pam_ldap and old PRs

Jonathan McKeown jonathan+freebsd-questions at hst.org.za
Tue Sep 4 07:41:22 PDT 2007


I asked this on -hackers@ several weeks ago and the silence was deafening - 
what I have heard referred to as Warnock's Dilemma.

I'm experimenting with OpenLDAP, pam_ldap, and pgina with the PAM plugin on 
Windows clients, for central authentication in a mixed network.

passwd(1) won't allow me to change a password other than local or NIS.

There are two relevant PRs, one open (bin/71290) and one suspended (bin/59638).

Looking at the source, it appears passwd.c has been rewritten (some years 
since) to use the PAM infrastructure for password changes. This goes most of 
the way to addressing bin/59638. However, there is a switch statement at 
lines 112-126 of /usr/src/usr.bin/passwd/passwd.c (on 6.2-RELEASE) which 
prevents it from working except for files and nis, using constants defined in 
<pwd.h> and commented there as being ``bogus''. bin/71290 includes a patch 
which would fix this (although I do think it would be a shame to lose the 
comment about green men).

Is there any reason other than historical that this PR and patch is being 
ignored and the old behaviour is being preserved? What would be the drawback 
to removing the switch statement as proposed, and allowing passwd(1) to 
change the user's password using PAM, wherever it might be stored?

Jonathan
