Bug 695

Summary: Cannot change password in PAM NIS+ environment
Product: Portable OpenSSH Reporter: Paul Bolton <paul.a.bolton>
Component: PAM supportAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: major CC: stefan
Priority: P2    
Version: 3.7.1p1   
Hardware: UltraSPARC   
OS: Solaris   
Attachments:
Description Flags
Do chauthtok via SSH2 keyboard-interactive. none

Description Paul Bolton 2003-09-22 02:54:40 AEST 
When their password expires, NIS+ users are prompted to change their password.
Upon entering the correct creds the session terminates and the password is not
changed. Typically a "Permission denied" or "NIS+ system error" is generated.
Either normal "telnet" connections or password resets by administrators are
required in order to allow the user to log in successfully.

In session.c do_pam_chauthtok() is a) called before do_pam_setcred(), and b)
do_pam_chauthtok() does not set the real UID to the target user. (effective
stays as UID=0).

If these changes are made, the credential update works for both NIS+ and local
accounts.
Comment 1 Paul Bolton 2003-09-22 17:54:45 AEST 
... although it still does not work with logons to the root master. Seem to be
getting a "corrupted window" when negotiating with rpc.nispasswdd.
Comment 2 Darren Tucker 2003-11-20 00:03:03 AEDT 
Created attachment 503 [details]
Do chauthtok via SSH2 keyboard-interactive.

Please try this patch?	There's still work to be done on it but it seems to
work with local passwords.
Comment 3 Darren Tucker 2004-01-24 18:35:21 AEDT 
A later version patch #503 has been committed and is in the current snapshots. 
Could you please test one and see if it resolves your problem?
Comment 4 Darren Tucker 2004-01-24 18:46:56 AEDT 
*** Bug 730 has been marked as a duplicate of this bug. ***
Comment 5 Darren Tucker 2004-03-30 12:19:33 AEST 
Comments in bug #730 indicate that this is fixed with the chauthtok-via-kbdint
patch that is in 3.8p1 and up.  Please reopen this bug if that is not the case.
Comment 6 Damien Miller 2004-04-14 12:24:19 AEST 
Mass change of RESOLVED bugs to CLOSED