1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
Patch from Philippe Troin <phil@fifi.org>
Originally this included a bunch of changes to locking, but the more
recent code pulled from Linux_pam CVS seems to fix that issue.
Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
===================================================================
--- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c
+++ pam.deb/modules/pam_unix/pam_unix_passwd.c
@@ -577,7 +577,7 @@
if (_unix_blankpasswd(pamh, ctrl, user)) {
return PAM_SUCCESS;
- } else if (off(UNIX__IAMROOT, ctrl)) {
+ } else if (off(UNIX__IAMROOT, ctrl) || on(UNIX_NIS, ctrl)) {
/* instruct user what is happening */
if (asprintf(&Announce, _("Changing password for %s."),
user) < 0) {
@@ -590,7 +590,9 @@
set(UNIX__OLD_PASSWD, lctrl);
retval = _unix_read_password(pamh, lctrl
,Announce
- ,_("(current) UNIX password: ")
+ ,(on(UNIX__IAMROOT, ctrl)
+ ? _("NIS server root password: ")
+ : _("(current) UNIX password: "))
,NULL
,_UNIX_OLD_AUTHTOK
,&pass_old);
@@ -601,9 +603,12 @@
"password - (old) token not obtained");
return retval;
}
- /* verify that this is the password for this user */
+ /* verify that this is the password for this user
+ * if we're not using NIS */
- retval = _unix_verify_password(pamh, user, pass_old, ctrl);
+ if (off(UNIX_NIS, ctrl)) {
+ retval = _unix_verify_password(pamh, user, pass_old, ctrl);
+ }
} else {
D(("process run by root so do nothing this time around"));
pass_old = NULL;
|
