From owner-freebsd-bugs@FreeBSD.ORG  Sun Nov  4 12:30:04 2007
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 74CD116A418
	for <freebsd-bugs@hub.freebsd.org>;
	Sun,  4 Nov 2007 12:30:04 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 548B913C4B2
	for <freebsd-bugs@hub.freebsd.org>;
	Sun,  4 Nov 2007 12:30:04 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id lA4CU4I3052106
	for <freebsd-bugs@freefall.freebsd.org>; Sun, 4 Nov 2007 12:30:04 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.1/8.14.1/Submit) id lA4CU4KD052103;
	Sun, 4 Nov 2007 12:30:04 GMT (envelope-from gnats)
Resent-Date: Sun, 4 Nov 2007 12:30:04 GMT
Resent-Message-Id: <200711041230.lA4CU4KD052103@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	"O. Hartmann" <ohartman@zedat.fu-berlin.de>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9ECF116A418
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun,  4 Nov 2007 12:22:11 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 8DF5F13C4B0
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sun,  4 Nov 2007 12:22:11 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.1/8.14.1) with ESMTP id lA4CM25W089107
	for <freebsd-gnats-submit@FreeBSD.org>; Sun, 4 Nov 2007 12:22:02 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.1/8.14.1/Submit) id lA4CM2eI089104;
	Sun, 4 Nov 2007 12:22:02 GMT (envelope-from nobody)
Message-Id: <200711041222.lA4CM2eI089104@www.freebsd.org>
Date: Sun, 4 Nov 2007 12:22:02 GMT
From: "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: misc/117812: passwd: incapable of changing LDAP passowrds using
	passwd in FreeBSD 7.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Nov 2007 12:30:04 -0000


>Number:         117812
>Category:       misc
>Synopsis:       passwd: incapable of changing LDAP passowrds using passwd in FreeBSD 7.0
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 04 12:30:03 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     O. Hartmann
>Release:        FreeBSD 7.0-BETA2
>Organization:
FU Berlin/Nugg.ad Predictive Behavioral Targeting
>Environment:
>Description:
trying to change passwords for users located in an OpenLDAP server fails due to the incapability of passwd() changing passwords via PAM! Also with chpass() and chsh() which seems not to take PAM into account.

LDAP/OpenLDAP and PAM is now very common over NIS/YP and I can not understand why FreeBSD as server system is not taking this into account.
>How-To-Repeat:
Try to change password using passwd while user is located in OpenLDAP. try to change login shell and passowrd via chsh() and chpass() and you'll fail also.
>Fix:
For passwd() there is a patch around (simply commenting out something in the checking chain), but it seems to be qucik and dirty.

>Release-Note:
>Audit-Trail:
>Unformatted: