Seems that I have to add an option "nis" to pam_unix.so to
make it work (better). My common-passwd is now:

password [success=1 default=ignore]     pam_unix.so obscure sha512 nis
password requisite                      pam_deny.so
password required                       pam_permit.so

The other common-* config files are unchanged. Now the
token manipulation error is gone:

        % passwd
        Changing password for hdunkel.
        (current) UNIX password: abc
        Enter new UNIX password: xyz
        Retype new UNIX password: xyz
        passwd: password updated successfully

Looking at the NIS server I see that /etc/shadow is changed,
even though NIS merges passwd and shadow into a single
database. Seems OK to me.

It is just weird that passwd asks for the NIS root password,
if I try to change the local root password:

        # passwd
        Changing password for root.
        NIS server root password:
        Enter new UNIX password:
        Retype new UNIX password:
        passwd: password updated successfully

It still accepts and changes the local root password, so
this is not a big issue.

Question: On Debian /etc/pam.d/common-passwd is generated
using pam-auth-update and some templates in /usr/..., AFAICS.
What is the _real_ place to add the "nis" (or other options)
to pam_unix.so? Shouldn't it be set by default, if NIS is
installed?


Regards

Harri

Attachment: pam_config.tar.gz
Description: application/gzip
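
An added example, not part of the original message: a small Python sketch that parses the three-line password stack quoted above, lists the options passed to pam_unix.so (so a missing "nis" is easy to spot), and traces which modules run when pam_unix.so succeeds or fails. The function names are hypothetical, and the control handling is a simplified model that covers only the control values used in this stack.

```python
import re

# Constructed sample: the password stack quoted in the message above.
STACK = """\
password [success=1 default=ignore]     pam_unix.so obscure sha512 nis
password requisite                      pam_deny.so
password required                       pam_permit.so
"""

# type, control (bracketed or single word), module, remaining options
LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Return a list of (type, control, module, [options]) per rule line."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        m = LINE.match(line)
        if m:
            rules.append((m[1], m[2], m[3], m[4].split()))
    return rules

def unix_options(rules):
    """Options given to pam_unix.so in the password stack."""
    for typ, _, module, opts in rules:
        if typ == "password" and module == "pam_unix.so":
            return opts
    return []

def trace(rules, unix_ok):
    """Walk the stack; returns (modules visited, overall success).
    Assumption: pam_deny.so always fails, pam_permit.so always succeeds."""
    i, visited, result = 0, [], False
    while i < len(rules):
        _, control, module, _ = rules[i]
        visited.append(module)
        ok = unix_ok if module == "pam_unix.so" else module == "pam_permit.so"
        if control.startswith("["):
            acts = dict(kv.split("=") for kv in control.strip("[]").split())
            if ok and acts.get("success", "").isdigit():
                i += int(acts["success"])     # success=N: skip the next N rules
            # default=ignore: a failure here does not decide the result
        elif not ok:
            return visited, False             # requisite failure ends the stack
        else:
            result = True                     # required/requisite succeeded
        i += 1
    return visited, result

if __name__ == "__main__":
    rules = parse(STACK)
    print("pam_unix.so options:", unix_options(rules))
    print("success path:", trace(rules, True))
    print("failure path:", trace(rules, False))
```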
