From: Jonathan McKeown
Organization: Health Systems Trust
To: freebsd-questions@freebsd.org
Date: Tue, 4 Sep 2007 16:43:51 +0200
Subject: passwd(1), pam_ldap and old PRs
Message-Id: <200709041643.51691.jonathan+freebsd-questions@hst.org.za>

I asked this on -hackers@ several weeks ago and the silence was deafening - what I have heard referred to as Warnock's Dilemma.

I'm experimenting with OpenLDAP, pam_ldap, and pgina with the PAM plugin on Windows clients, for central authentication in a mixed network. passwd(1) won't allow me to change a password other than local or NIS.
There are two relevant PRs, one open (bin/71290) and one suspended (bin/59638).

Looking at the source, it appears passwd.c has been rewritten (some years since) to use the PAM infrastructure for password changes. This goes most of the way to addressing bin/59638. However, there is a switch statement at lines 112-126 of /usr/src/usr.bin/passwd/passwd.c (on 6.2-RELEASE) which prevents it from working except for files and nis, using constants defined in and commented there as being ``bogus''. bin/71290 includes a patch which would fix this (although I do think it would be a shame to lose the comment about green men).

Is there any reason other than historical that this PR and patch is being ignored and the old behaviour is being preserved? What would be the drawback to removing the switch statement as proposed, and allowing passwd(1) to change the user's password using PAM, wherever it might be stored?

Jonathan