Date: Mon, 26 Nov 2007 21:23:49 +0200 From: Jonathan McKeown <jonathan+freebsd-questions@hst.org.za> To: freebsd-questions@freebsd.org Subject: Re: FreeBSD 7/OpenLDAP: Howto change passwords Message-ID: <200711262123.49623.jonathan%2Bfreebsd-questions@hst.org.za> In-Reply-To: <474AE227.4050005@zedat.fu-berlin.de> References: <474AE227.4050005@zedat.fu-berlin.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 26 November 2007 17:11, O. Hartmann wrote: > Hello, > > trying to change passwords on a client machine for a LDAP authenticated > user always fails due to the original passwd() command is not capable of > changing passwords remotely. > Their is a suggested patch, but is there an "official" way to do? Hi Oliver I've asked this question several times, here and on -hackers, with no very helpful response. I checked for PRs and several have been filed at various times and are in various different states. As far as I can tell, the changes necessary to make passwd(1) work with the PAM infrastructure were made some years ago, but were diked out by a switch statement which appears to prevent a change to anything but /etc/passwd or NIS/YP. This switch relies on a set of constants which are themselves commented in the source as being ``bogus''. The answer to our question may well be something like ``historical reasons'' or ``Principle of Least Astonishment'', but please, someone... Is there a sound reason not to remove this guard statement and allow passwd(1) to change passwords in accordance with a PAM policy, as it is coded to do? I've already offered to submit a patch if necessary: it hardly even needs a knowledge of C to fix this one - simply remove a switch statement and replace it with a simple printf. Jonathan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200711262123.49623.jonathan%2Bfreebsd-questions>