Hi Jeremy, On Tue, 1 May 2001, Jeremy Allison wrote: > > as pam is returning PAM_AUTHTOK_RECOVER_ERR to me from > > the pam_chauthtok() call. > > smbd doesn't know the plaintext of the old password, but is > > running as root so shouldn't need to. Can anyone point me > > to some docs to learn the magic to make linux pam allow a > > password change as root without the old password (and yes > > I'm perusing the pam source code, haven't found it yet, which > > is why I'm asking here :-). > Ok - I've done more work on this - it looks like a particular > pam module issue. If I use pam_unix.so in the password line > of my /etc/pam.d/samba file then the password change works. > If I use the (default I think on RedHat 6.2) of pam_pwdb.so > then it fails. > Is this just a bug in that pam module ? This seems likely to be a bug either in the pam module itself, or in the documentation which fails to outline the module's expectations. :) Is Samba running with uid=0,euid=0 when you invoke PAM? There are so many ways for PAM modules to misinterpret and mishandle the uid settings, and far too few of them are limited to the theoretical. Steve Langasek postmodern programmer
