When their password expires, NIS+ users are prompted to change their password. Upon entering the correct creds the session terminates and the password is not changed. Typically a "Permission denied" or "NIS+ system error" is generated. Either normal "telnet" connections or password resets by administrators are required in order to allow the user to log in successfully. In session.c do_pam_chauthtok() is a) called before do_pam_setcred(), and b) do_pam_chauthtok() does not set the real UID to the target user. (effective stays as UID=0). If these changes are made, the credential update works for both NIS+ and local accounts.
... although it still does not work with logons to the root master. Seem to be getting a "corrupted window" when negotiating with rpc.nispasswdd.
Created attachment 503 [details] Do chauthtok via SSH2 keyboard-interactive. Please try this patch? There's still work to be done on it but it seems to work with local passwords.
A later version patch #503 has been committed and is in the current snapshots. Could you please test one and see if it resolves your problem?
*** Bug 730 has been marked as a duplicate of this bug. ***
Comments in bug #730 indicate that this is fixed with the chauthtok-via-kbdint patch that is in 3.8p1 and up. Please reopen this bug if that is not the case.
Mass change of RESOLVED bugs to CLOSED