Bug#588434: Subject: libpam-ldap: unable to change password in default configuration

Thu, 15 Dec 2016 18:39:20 -0800

I can confirm that either removing use_authtok or installing libpam-cracklib bypasses the issue, but also that there is a third fix which does not involve: - adding a dependency that introduces unrelated (possibly unwanted) features 
 - breaking the functionality intended by including use_authtok
 - maintaining a hack to override the package-supplied configuration
I don't know exactly what that fix is, only that it exists, because I have two Ubuntu 16.04 machines, one of which exhibits this problem and the other does not. 

In the interest of discovering this fix, I've determined the following:
They both have an identical set of libpam modules installed and identically configured: 

root@host:~# apt search libpam | grep installed
libpam-cap/xenial,now 1:2.24-12 amd64 [installed]
libpam-ldap/xenial,now 184-8.7ubuntu1 amd64 [installed]
libpam-modules/xenial,now 1.1.8-3.2ubuntu2 amd64 [installed]
libpam-modules-bin/xenial,now 1.1.8-3.2ubuntu2 amd64 [installed]
libpam-mount/xenial,now 2.14-1.1 amd64 [installed]
libpam-runtime/xenial,now 1.1.8-3.2ubuntu2 all [installed]
libpam-systemd/xenial-updates,now 229-4ubuntu13 amd64 [installed,automatic]
libpam0g/xenial,now 1.1.8-3.2ubuntu2 amd64 [installed]
There are some different service-specific configurations added, but every file that appears in both of these ls outputs is identical: 

root@goodhost:/etc/pam.d# ll
total 104K
-rw-r--r-- 1 root root  258 2016-01-14 18:35:17 atd
-rw-r--r-- 1 root root  384 2010-01-26 13:01:31 chfn
-rw-r--r-- 1 root root   92 2010-01-26 13:01:31 chpasswd
-rw-r--r-- 1 root root  581 2010-01-26 13:01:31 chsh
-rw-r--r-- 1 root root 1.3K 2016-12-15 15:44:53 common-account
-rw-r--r-- 1 root root 1.4K 2016-12-15 15:44:53 common-auth
-rw-r--r-- 1 root root   70 2010-07-31 01:52:24 common-pammount
-rw-r--r-- 1 root root 1.6K 2016-12-15 18:16:36 common-password
-rw-r--r-- 1 root root 1.6K 2016-12-15 15:44:54 common-session
-rw-r--r-- 1 root root 1.5K 2016-12-15 15:44:54 common-session-noninteractive 
-rw-r--r-- 1 root root  606 2016-04-05 18:59:02 cron
-rw-r--r-- 1 root root   81 2010-04-19 14:18:56 dovecot
-rw-r--r-- 1 root root 4.8K 2016-01-29 21:21:30 login
-rw-r--r-- 1 root root  100 2011-12-21 12:13:38 monit
-rw-r--r-- 1 root root   92 2010-01-26 13:01:31 newusers
-rw-r--r-- 1 root root  520 2010-04-13 19:01:47 other
-rw-r--r-- 1 root root   92 2010-01-26 13:01:31 passwd
-rw-r--r-- 1 root root  255 2014-02-11 14:45:25 polkit-1
-rw-r--r-- 1 root root  143 2016-03-12 11:14:57 runuser
-rw-r--r-- 1 root root  138 2016-03-12 11:14:57 runuser-l
-rw-r--r-- 1 root root   84 2010-03-19 18:16:58 samba
-rw-r--r-- 1 root root 2.1K 2016-08-11 13:25:09 sshd
-rw-r--r-- 1 root root 2.3K 2015-11-12 18:12:32 su
-rw-r--r-- 1 root root  239 2016-08-17 10:20:48 sudo
-rw-r--r-- 1 root root  251 2016-10-26 10:04:44 systemd-user


root@badhost:/etc/pam.d# ll
total 85K
-rw-r--r-- 1 root root  258 2016-01-14 18:35:17 atd
-rw-r--r-- 1 root root  384 2015-11-12 18:12:32 chfn
-rw-r--r-- 1 root root   92 2015-11-12 18:12:32 chpasswd
-rw-r--r-- 1 root root  581 2015-11-12 18:12:32 chsh
-rw-r--r-- 1 root root 1.3K 2016-12-15 21:36:41 common-account
-rw-r--r-- 1 root root 1.4K 2016-12-15 21:36:41 common-auth
-rw-r----- 1 root root   70 2016-12-15 15:31:07 common-pammount
-rw-r--r-- 1 root root 1.6K 2016-12-15 21:36:41 common-password
-rw-r--r-- 1 root root 1.6K 2016-12-15 21:36:41 common-session
-rw-r--r-- 1 root root 1.5K 2016-12-15 21:36:41 common-session-noninteractive 
-rw-r--r-- 1 root root  606 2016-04-05 18:59:02 cron
-rw-r--r-- 1 root root 4.8K 2016-01-29 21:21:30 login
-rw-r--r-- 1 root root  145 2016-12-09 03:43:43 mysql
-rw-r--r-- 1 root root   92 2015-11-12 18:12:32 newusers
-rw-r--r-- 1 root root  520 2016-03-16 15:09:13 other
-rw-r--r-- 1 root root   92 2015-11-12 18:12:32 passwd
-rw-r--r-- 1 root root  255 2016-01-17 19:13:21 polkit-1
-rw-r--r-- 1 root root  143 2016-03-12 11:14:57 runuser
-rw-r--r-- 1 root root  138 2016-03-12 11:14:57 runuser-l
-rw-r--r-- 1 root root   84 2016-03-07 21:23:05 samba
-rw-r--r-- 1 root root 2.1K 2016-04-28 05:52:36 sshd
-rw-r--r-- 1 root root 2.3K 2015-11-12 18:12:32 su
-rw-r--r-- 1 root root  239 2016-03-30 16:57:11 sudo
-rw-r--r-- 1 root root  251 2016-04-12 07:34:03 systemd-user
-rw-r--r-- 1 root root   55 2016-04-15 07:04:33 vmtoolsd
At this point I'm out of ideas on how to identify the difference that stops use_authtok from breaking passwd, but very interested in doing so. 

Cheers,
 - Evan

Reply via email to