Thanks for replying. > I don't understand. Are you suggesting that the user is present in both the > NIS map *and* in /etc/passwd? Why would you do that?
No, I am not. In my configuration the user is defined in passwd and shadow files on NIS SERVER. On the NIS client (debian lenny) nsswitch.conf file I have the entries: passwd: files nis shadow: files nis When pam_unix.so queries the NIS database as a regular user, the password field is substituted by the "x" character, which is present in the /etc/passwd of the NIS SERVER (as stated in the passwd(5) and pwconv(8) man entry). I downloaded pam_1.0.1-5+lenny1 debian sources, compiled with --enable-debug configure option, created the /var/log/pam-debug.log file with perms 666 to verify the behaviour, which is also reproduced by the ypmatch user passwd command. In this way, the above mentioned line 167 of passverify.c evaluates to FALSE and the unix_chkpwd helper is not invoked, resulting in an authorization denied even if the correct password is typed. I presently modified the "if" statement as follows: if (strcmp((*pwd)->pw_passwd, "*NP*") == 0 || strcmp((*pwd)->pw_passwd, "x") == 0) and now the authorization is granted. Thanks for your help, Stefano -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org