From: James Harrison
To: Jonathan McKeown
Cc: freebsd-questions@freebsd.org
Organization: Los Alamos National Labs
Date: Mon, 26 Nov 2007 13:28:49 -0700
Subject: Re: FreeBSD 7/OpenLDAP: Howto change passwords

On Mon, 2007-11-26 at 21:23 +0200, Jonathan McKeown wrote:
> On Monday 26 November 2007 17:11, O. Hartmann wrote:
> > Hello,
> >
> > trying to change passwords on a client machine for a LDAP authenticated
> > user always fails due to the original passwd() command is not capable of
> > changing passwords remotely.
> > There is a suggested patch, but is there an "official" way to do?
>
> Hi Oliver
>
> I've asked this question several times, here and on -hackers, with no very
> helpful response. I checked for PRs and several have been filed at various
> times and are in various different states.
>
> As far as I can tell, the changes necessary to make passwd(1) work with the
> PAM infrastructure were made some years ago, but were diked out by a switch
> statement which appears to prevent a change to anything but /etc/passwd or
> NIS/YP. This switch relies on a set of constants which are themselves
> commented in the source as being ``bogus''.
>
> The answer to our question may well be something like ``historical reasons''
> or ``Principle of Least Astonishment'', but please, someone...
>
> Is there a sound reason not to remove this guard statement and allow passwd(1)
> to change passwords in accordance with a PAM policy, as it is coded to do?
>
> I've already offered to submit a patch if necessary: it hardly even needs a
> knowledge of C to fix this one - simply remove a switch statement and replace
> it with a simple printf.
>
> Jonathan

My advice would honestly be to write the patch and submit it.