From: Jonathan McKeown
Organization: Health Systems Trust
To: freebsd-questions@freebsd.org
Date: Mon, 26 Nov 2007 21:23:49 +0200
Subject: Re: FreeBSD 7/OpenLDAP: Howto change passwords
In-Reply-To: <474AE227.4050005@zedat.fu-berlin.de>

On Monday 26 November 2007 17:11, O. Hartmann wrote:
> Hello,
>
> trying to change passwords on a client machine for a LDAP authenticated
> user always fails due to the original passwd() command is not capable of
> changing passwords remotely.
> There is a suggested patch, but is there an "official" way to do?

Hi Oliver

I've asked this question several times, here and on -hackers, with no very helpful response. I checked for PRs and several have been filed at various times and are in various different states.

As far as I can tell, the changes necessary to make passwd(1) work with the PAM infrastructure were made some years ago, but were diked out by a switch statement which appears to prevent a change to anything but /etc/passwd or NIS/YP. This switch relies on a set of constants which are themselves commented in the source as being ``bogus''.

The answer to our question may well be something like ``historical reasons'' or ``Principle of Least Astonishment'', but please, someone...

Is there a sound reason not to remove this guard statement and allow passwd(1) to change passwords in accordance with a PAM policy, as it is coded to do?

I've already offered to submit a patch if necessary: it hardly even needs a knowledge of C to fix this one - simply remove a switch statement and replace it with a simple printf.

Jonathan