"Daniel Richard G." <sk...@iskunk.org> writes: > I sniffed around a bit more, and it looks like the debug output is going > to /var/log/auth.log. Here's what I see for the abortive password-change > attempt:
>
> Feb 19 00:20:34 host passwd[9847]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: entry (0x4000)
> Feb 19 00:20:34 host passwd[9847]: pam_krb5(passwd:chauthtok): (user kerberosuser) attempting authentication as kerberosu...@my.realm.com
> Feb 19 00:20:39 host passwd[9847]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: exit (success)
> Feb 19 00:20:39 host passwd[9847]: pam_unix(passwd:chauthtok): user "kerberosuser" does not exist in /etc/passwd
>
> The user is not in /etc/passwd, because this system uses LDAP for the
> passwd database:

This is the standard pam_unix abort because the user isn't in /etc/shadow.

> Unlike the situation that existed previously, password-changing doesn't
> work whether pam_krb5 or pam_unix is first in the stack. I get the same
> error either way.

> So is this a bug in pam_krb5, or pam_unix, or what?

It's definitely not a bug in pam_krb5; pam_krb5 is happily doing its thing
and returning success. pam_unix is the one returning failure.

Whether or not it's a bug in pam_unix is probably a matter of opinion. I
suspect that a pam_unix developer would tell you that it's behaving as
expected and you need to avoid using pam_unix (or tell PAM that it's
allowed to fail) if you don't want to change local UNIX user passwords
(since that is, after all, what pam_unix does).

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>

-- 
https://bugs.launchpad.net/bugs/334795
Title: cannot change password
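A triage script for the log excerpt quoted in the message above, added here as an example and not part of the original thread: it groups PAM lines by process, decodes the `entry (0x...)` flags, and shows which module logged a successful exit and which logged only an error. The function names are hypothetical, and the flag table assumes Linux-PAM's values, where 0x4000 is PAM_PRELIM_CHECK.

```python
import re
from collections import defaultdict

# Linux-PAM flag bits that can be passed to pam_sm_chauthtok (assumed platform).
FLAGS = {0x0020: "PAM_CHANGE_EXPIRED_AUTHTOK", 0x2000: "PAM_UPDATE_AUTHTOK",
         0x4000: "PAM_PRELIM_CHECK", 0x8000: "PAM_SILENT"}

# syslog prefix, then "module(service:type): message".
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ [^\[\s]+\[(?P<pid>\d+)\]: "
                  r"(?P<module>pam_\w+)\((?P<service>[^:]+):(?P<type>\w+)\): (?P<msg>.*)$")
ENTRY = re.compile(r"pam_sm_\w+: entry \(0x([0-9a-fA-F]+)\)")
EXIT = re.compile(r"pam_sm_\w+: exit \((\w+)\)")

# The four log lines quoted in the message, with the mail wrapping undone.
SAMPLE = [
    "Feb 19 00:20:34 host passwd[9847]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: entry (0x4000)",
    "Feb 19 00:20:34 host passwd[9847]: pam_krb5(passwd:chauthtok): (user kerberosuser) attempting authentication as kerberosu...@my.realm.com",
    "Feb 19 00:20:39 host passwd[9847]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: exit (success)",
    'Feb 19 00:20:39 host passwd[9847]: pam_unix(passwd:chauthtok): user "kerberosuser" does not exist in /etc/passwd',
]

def decode_flags(value):
    """Names of the known flag bits set in a pam_sm_* entry value."""
    return [name for bit, name in sorted(FLAGS.items()) if value & bit]

def triage(lines):
    """Group PAM lines by (pid, service, type) and record each module's outcome."""
    calls = defaultdict(dict)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a PAM module line
        key = (int(m["pid"]), m["service"], m["type"])
        mod = calls[key].setdefault(m["module"], {"flags": [], "result": None, "notes": []})
        if (e := ENTRY.search(m["msg"])):
            mod["flags"] = decode_flags(int(e.group(1), 16))
        elif (x := EXIT.search(m["msg"])):
            mod["result"] = x.group(1)
        else:
            mod["notes"].append(m["msg"])  # free-form message, e.g. an error
    return dict(calls)

def unconfirmed(call):
    """Modules that never logged a successful exit (heuristic: not all modules log one)."""
    return sorted(mod for mod, info in call.items() if info["result"] != "success")

if __name__ == "__main__":
    for key, call in triage(SAMPLE).items():
        print(key, "no logged success from:", unconfirmed(call))
```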