I am having problems using passwd to change passwords stored on an LDAP
database.
I have /etc/pam.d/passwd looking just like it does on my RedHat box:

    auth required pam_env.so
    auth sufficient pam_unix.so likeauth nullok
    auth sufficient pam_ldap.so use_first_pass
    auth required pam_deny.so
    account required pam_unix.so
    account [default=ok user_unknown=ignore service_err=ignore system_err=ignore] pam_ldap.so
    assword required pam_cracklib.so retry=3 minlen=6 difok=3
    password sufficient pam_ldap.so use_authtok
    password sufficient pam_unix.so use_authtok nullok md5 shadow
    password required pam_deny.so

but I get a response like this:

    [EMAIL PROTECTED]:~$ passwd
    Enter login(LDAP) password:
    Changing password for user
    (current) UNIX password:
    passwd: Critical error - immediate abort

What's going on? How do I get it to work nicely?

By the way, Red Hat ships with a very nice pam module, pam_stack.so,
which can be used like this:

    auth required /lib/security/pam_stack.so service=system-auth
    account required /lib/security/pam_stack.so service=system-auth
    password required /lib/security/pam_stack.so service=system-auth

PAM then consults the file /etc/pam.d/system-auth to find the actual
stacks. That way, one can, for instance, make all services use pam_ldap
without having to change the stack in every /etc/pam.d/* file.
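
A small consistency check for a pam.d service file, run over the password stack exactly as it is quoted in the post above. This is an added example, not part of the original post or of any PAM distribution; `lint_pam` is a hypothetical helper, it assumes one rule per physical line, and its `use_authtok` ordering test is a heuristic.

```python
import re

VALID_TYPES = {"auth", "account", "password", "session"}
KEYWORD_CONTROLS = {"required", "requisite", "sufficient", "optional",
                    "include", "substack"}
# [-]type  control (keyword or [value=action ...])  module  [arguments]
RULE = re.compile(r"^(-?)(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def lint_pam(text):
    """Return a list of (line_number, message) findings for one pam.d file."""
    findings = []
    new_token_available = False  # has an earlier password module obtained the new password?
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = RULE.match(line)
        if not m:
            findings.append((lineno, "rule needs a type, a control and a module"))
            continue
        _, mtype, control, module, args = m.groups()
        if mtype not in VALID_TYPES:
            findings.append((lineno, f"unknown module type '{mtype}'"))
            continue
        if control.startswith("[") and not control.endswith("]"):
            findings.append((lineno, "unterminated [value=action] control"))
            continue
        if not control.startswith("[") and control not in KEYWORD_CONTROLS:
            findings.append((lineno, f"unknown control '{control}'"))
        if mtype == "password":
            if "use_authtok" in args.split():
                # use_authtok reuses the new password set by an earlier module
                if not new_token_available:
                    findings.append((lineno, f"{module} has use_authtok but no earlier "
                                             "password module obtains the new password"))
            else:
                new_token_available = True  # heuristic: this module prompts itself
    return findings

# Password stack exactly as quoted in the post above.
QUOTED_STACK = """\
assword required pam_cracklib.so retry=3 minlen=6 difok=3
password sufficient pam_ldap.so use_authtok
password sufficient pam_unix.so use_authtok nullok md5 shadow
password required pam_deny.so
"""

if __name__ == "__main__":
    for lineno, message in lint_pam(QUOTED_STACK):
        print(f"line {lineno}: {message}")
```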