[Pkg-shadow-devel] Bug#651042: token manipulation error for NIS
Harald Dunkel
harald.dunkel at aixigo.de
Wed Jan 11 07:44:05 UTC 2012
Seems that I have to add an option "nis" to pam_unix.so to
make it work (better). My common-passwd is now:
password [success=1 default=ignore] pam_unix.so obscure sha512 nis
password requisite pam_deny.so
password required pam_permit.so
The other common-* config files are unchanged. Now the
token manipulation error is gone:
% passwd
Changing password for hdunkel.
(current) UNIX password: abc
Enter new UNIX password: xyz
Retype new UNIX password: xyz
passwd: password updated successfully
Looking at the NIServer I see that /etc/shadow is changed,
even though NIS merges passwd and shadow into a single
database. Seems OK to me.
It is just weird that passwd asks for the NIS root password,
if I try to change the local root password:
# passwd
Changing password for root.
NIS server root password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
It still accepts and changes the local root password, so
this is not a big issue.
Question: On Debian /etc/pam.d/common-passwd is generated
using pam-auth-update and some templates in /usr/..., AFAICS.
What is the _real_ place to add the "nis" (or other options)
to pam_unix.so? Shouldn't it be set by default, if NIS is
installed?
Regards
Harri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pam_config.tar.gz
Type: application/gzip
Size: 5094 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20120111/0868da96/attachment.bin>
More information about the Pkg-shadow-devel
mailing list