Date: Sun, 21 Nov 2004 13:56:26 -0600 From: Dan Nelson <dnelson@allantgroup.com> To: Wiktor Niesiobedzki <bsd@w.evip.pl> Cc: Dick Davies <rasputnik@hellooperator.net> Subject: Re: Replacing passwd? Message-ID: <20041121195626.GA8805@dan.emsphone.com> In-Reply-To: <20041121174033.GA3019@dan.emsphone.com> References: <419CD314.80900@fer.hr> <20041118171012.GB19265@dan.emsphone.com> <20041120222325.GC17297@lb.tenfour> <20041121020745.GC94473@dan.emsphone.com> <20041121144905.GE3584@mail.evip.pl> <20041121174033.GA3019@dan.emsphone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Nov 21), Dan Nelson said: > In the last episode (Nov 21), Wiktor Niesiobedzki said: > > I was playing with it today and removing errx function allows passwd > > to change the password, but the other problem I step on is: How to > > properly configure /etc/pam.d/passwd > > > > The configuration, which I have now is simply: > > password sufficient /usr/local/lib/pam_ldap.so > > password sufficient pam_unix.so no_warn try_first_pass nullok > > You probably don't need pam_unix in there at all, since there's no way > it'll work (no local passwd entry). I take that back; you do want it, so you can change root's password. But you need to make it "required", not sufficient. It's a quirk of how pam works, I think, but the last entry cannot be marked "sufficient". -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041121195626.GA8805>