[Pkg-shadow-devel] Bug#321384: marked as forwarded (su refuses to change an expired password for root)

Debian Bug Tracking System owner at bugs.debian.org
Sat Aug 6 14:03:20 UTC 2005 

Your message dated Sat, 6 Aug 2005 16:47:01 +0300
with message-id <20050806134701.GA23804 at cherokee.kiev.ua>
has caused the Debian Bug report #321384,
regarding su refuses to change an expired password for root
to be marked as having been forwarded to the upstream software
author(s) Tomasz KÅ‚oczko <kloczek at zie.pg.gda.pl>.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---------------------------------------
Received: (at 321384-forwarded) by bugs.debian.org; 6 Aug 2005 13:47:02 +0000
>From arg at online.com.ua Sat Aug 06 06:47:02 2005
Return-path: <arg at online.com.ua>
Received: from cluster2.online.com.ua (cluster1.uol.ua) [195.123.61.210] (root)
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1E1P0w-0008FZ-00; Sat, 06 Aug 2005 06:47:02 -0700
Received: from [194.242.118.244] (account arg at online.com.ua HELO localhost)
  by cluster1.uol.ua ( Ukraine Online SMTP 4.2.8)
  with ESMTP-TLS id 25562491; Sat, 06 Aug 2005 17:08:02 +0300
Date: Sat, 6 Aug 2005 16:47:01 +0300
From: Alexander Gattin <arg at online.com.ua>
To: Tomasz =?utf-8?Q?K=C5=82oczko?= <kloczek at zie.pg.gda.pl>
Cc: 321384 at bugs.debian.org, 321384-forwarded at bugs.debian.org
Subject: Re: Bug#321384: [Pkg-shadow-devel] Bug#321384: su refuses to change an expired password for root
Message-ID: <20050806134701.GA23804 at cherokee.kiev.ua>
References: <OFD3089151.4591895B-ONC1257054.0028D880-C1257054.00290F01 at de.ibm.com> <20050805230550.GB16296 at nekral.homelinux.net> <20050806123636.GA450 at cherokee.kiev.ua>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050806123636.GA450 at cherokee.kiev.ua>
Delivered-To: 321384-forwarded at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_01,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2

And even more, I think it may/should include:
> >  		if (amroot) {
> >  			fprintf (stderr, _("%s: %s\n(Ignored)\n"), Prog,
> >  				 pam_strerror (pamh, ret));
> > +		} else if (ret == PAM_NEW_AUTHTOK_REQD) {
    +			SYSLOG ((LOG_NOTICE, "pam_chauthtok: %s",
    +				 pam_strerror (pamh, ret)));
> > +			ret = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
I.e. make notice to syslog independently on the user
changing her "authtok" successfully or not.

and instead of:
> > +			if (ret != PAM_SUCCESS) {
> > +				SYSLOG ((LOG_ERR, "pam_chauthtok: %s",
> > +				         pam_strerror (pamh, ret)));
> > +				fprintf (stderr, _("%s: %s\n"), Prog,
> > +				         pam_strerror (pamh, ret));
> > +				pam_end (pamh, ret);
> > +				su_failure (tty);
> > +			}
maybe just PAM_FAIL_CHECK;???

More information about the Pkg-shadow-devel mailing list