[Pkg-shadow-devel] Bug#651042: token manipulation error for NIS

Harald Dunkel harald.dunkel at aixigo.de
Wed Jan 11 07:44:05 UTC 2012

Seems that I have to add an option "nis" to pam_unix.so to
make it work (better). My common-passwd is now:

password [success=1 default=ignore]	pam_unix.so obscure sha512 nis
password requisite			pam_deny.so
password required			pam_permit.so

The other common-* config files are unchanged. Now the
token manipulation error is gone:

	% passwd
	Changing password for hdunkel.
	(current) UNIX password: abc
	Enter new UNIX password: xyz
	Retype new UNIX password: xyz
	passwd: password updated successfully

Looking at the NIServer I see that /etc/shadow is changed,
even though NIS merges passwd and shadow into a single
database. Seems OK to me.

It is just weird that passwd asks for the NIS root password,
if I try to change the local root password:

	# passwd
	Changing password for root.
	NIS server root password:
	Enter new UNIX password:
	Retype new UNIX password:
	passwd: password updated successfully

It still accepts and changes the local root password, so
this is not a big issue.

Question: On Debian /etc/pam.d/common-passwd is generated
using pam-auth-update and some templates in /usr/..., AFAICS.
What is the _real_ place to add the "nis" (or other options)
to pam_unix.so? Shouldn't it be set by default, if NIS is


-------------- next part --------------
A non-text attachment was scrubbed...
Name: pam_config.tar.gz
Type: application/gzip
Size: 5094 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20120111/0868da96/attachment.bin>

More information about the Pkg-shadow-devel mailing list