1 files changed, 44 insertions, 0 deletions

diff --git a/debian/patches-applied/021_nis_cleanup b/debian/patches-applied/021_nis_cleanup
new file mode 100644
index 00000000..86e80927
--- /dev/null
+++ b/debian/patches-applied/021_nis_cleanup
@@ -0,0 +1,44 @@
+Patch from Philippe Troin    <phil@fifi.org>
+
+Originally this included a bunch of changes to locking, but the more
+recent code pulled from Linux_pam CVS seems to fix that issue.
+
+Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
+===================================================================
+--- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c
++++ pam.deb/modules/pam_unix/pam_unix_passwd.c
+@@ -588,7 +588,7 @@
+ 
+ 		if (_unix_blankpasswd(pamh, ctrl, user)) {
+ 			return PAM_SUCCESS;
+-		} else if (off(UNIX__IAMROOT, ctrl)) {
++		} else if (off(UNIX__IAMROOT, ctrl) || on(UNIX_NIS, ctrl)) {
+ 			/* instruct user what is happening */
+ 			if (asprintf(&Announce, _("Changing password for %s."),
+ 				user) < 0) {
+@@ -601,7 +601,9 @@
+ 			set(UNIX__OLD_PASSWD, lctrl);
+ 			retval = _unix_read_password(pamh, lctrl
+ 						     ,Announce
+-					     ,_("(current) UNIX password: ")
++					     ,(on(UNIX__IAMROOT, ctrl)
++			                       ? _("NIS server root password: ")
++			                       : _("(current) UNIX password: "))
+ 						     ,NULL
+ 						     ,_UNIX_OLD_AUTHTOK
+ 					     ,&pass_old);
+@@ -612,9 +614,12 @@
+ 				    "password - (old) token not obtained");
+ 				return retval;
+ 			}
+-			/* verify that this is the password for this user */
++			/* verify that this is the password for this user
++			 * if we're not using NIS */
+ 
+-			retval = _unix_verify_password(pamh, user, pass_old, ctrl);
++			if (off(UNIX_NIS, ctrl)) {
++				retval = _unix_verify_password(pamh, user, pass_old, ctrl);
++			}
+ 		} else {
+ 			D(("process run by root so do nothing this time around"));
+ 			pass_old = NULL;