Hi Tomas, On Linux-PAM-1.1.6, I do 'make xtests' get a FAIL (tst-pam_history1). As commit 585f6c06b2d3574935ed62c3084f2aadd6d1defb("pam_pwhistory: Always record the old password even when root changes it."), maybe here we lose a reinitialization for newpass in pam_sm_chauthtok. As commit bd07ad3adc626f842a4391d256541883426fd389("Reflect the enforce_for_root semantics change in pam_pwhistory xtest."), add an option 'enforce_for_root' can make the 'tst-pam_history1' PASS. What do you think? Regards Wang ------------------------------------------------------------------------------------------------------ --- modules/pam_pwhistory/pam_pwhistory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index 654edd3..bc9319e 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -210,12 +210,12 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) if (check_old_pass (pamh, user, newpass, options.debug) != PAM_SUCCESS) { + newpass = NULL; if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) { pam_error (pamh, _("Password has been already used. Choose another.")); - newpass = NULL; /* Remove password item, else following module will use it */ pam_set_item (pamh, PAM_AUTHTOK, (void *) NULL); } -- 1.7.12 _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list