Package: libpam-ldap
Version: 184-8.4
Severity: normal

Hello,
after installing the package it's not possible to change the password stored on the LDAP server:

$ passwd
Enter login(LDAP) password:
passwd: Authentication information cannot be recovered
passwd: password unchanged

syslog reports:

passwd[23595]: pam_unix(passwd:chauthtok): user "tettamanti" does not exist in /etc/passwd

This is the content of common-password, as generated by pam-auth-update:

# here are the per-package modules (the "Primary" block)
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
# here's the fallback if no module succeeds

The problem seems (my knowledge of PAM is rather limited) to be the use_authtok option: the users of the system are *not* present in /etc/passwd, they exist only on LDAP.
I guess that use_authtok was put there to keep local data in sync with LDAP, right? In this case what's needed is the equivalent of try_first_pass for password changing (but I don't see such an option).

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-ldap depends on:
ii  debconf [debconf-2.0]  1.5.32      Debian configuration management sy
ii  libc6                  2.10.2-9    Embedded GNU C Library: Shared lib
ii  libldap-2.4-2          2.4.17-2.1  OpenLDAP libraries
ii  libpam-runtime         1.1.1-3     Runtime support for the PAM librar
ii  libpam0g               1.1.1-3     Pluggable Authentication Modules l

libpam-ldap recommends no packages.

Versions of packages libpam-ldap suggests:
ii  libnss-ldap            264-2.1     NSS module for using LDAP as a nam

-- debconf information excluded
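
Added example, not part of the original report and not libpam-ldap code: a simplified Python model of how the two quoted rules are walked for a user that pam_unix does not know. It assumes, following the use_authtok description in pam_unix(8), that a module given use_authtok does not prompt and returns authtok_recover_err (the code whose message is "Authentication information cannot be recovered") when no earlier module supplied a new token. The names parse, trace and the per-module return values passed in are hypothetical.

```python
import re

# Constructed input: the two "Primary" rules quoted in the report.
COMMON_PASSWORD = """\
# here are the per-package modules (the "Primary" block)
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
"""

RULE = re.compile(r"^password\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Return [(actions, module, options)] for each 'password' rule."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # comments, blank lines, other module types
        control, module, opts = m.groups()
        if not control.startswith("["):
            raise ValueError("only [value=action] controls are modelled")
        actions = dict(pair.split("=", 1) for pair in control[1:-1].split())
        rules.append((actions, module, opts.split()))
    return rules

def trace(rules, returns):
    """Walk the stack. `returns` maps module -> the value it would return
    if it had a new token to work with (assumed inputs, not real PAM calls)."""
    log, token_set, i = [], False, 0
    while i < len(rules):
        actions, module, opts = rules[i]
        ret = returns[module]
        if "use_authtok" in opts and not token_set:
            ret = "authtok_recover_err"  # nothing stacked earlier set a token
        elif ret == "success":
            token_set = True             # this module obtained the new token
        action = actions.get(ret, actions["default"])
        log.append((module, ret, action))
        if action == "die":
            return "fail", log           # stack aborted by this module
        # A numeric action N skips the next N rules; anything else moves on.
        i += 1 + (int(action) if action.isdigit() else 0)
    return "done", log

if __name__ == "__main__":
    rules = parse(COMMON_PASSWORD)
    for unix_ret in ("success", "user_unknown"):  # local user vs LDAP-only user
        print(unix_ret, trace(rules, {"pam_unix.so": unix_ret, "pam_ldap.so": "success"}))
```

For the LDAP-only case the trace shows pam_unix's user_unknown being ignored and pam_ldap then hitting default=die, which matches the passwd output and syslog line in the report.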