jeroennijhof/pam_script

Root password change fails for root

pbrunnen opened this issue · 3 comments

Hello,
I'm running into a possible bug when pam_script is implemented and root attempts to do a forced password change.

Regardless of what I use in PAM (requisite, sufficient, etc), when root is attempting to set the password for an account that doesn't have a password, the change fails.

Root is prompted for the new password and to confirm, but then is prompted for "Current password" for which nothing will ever match. Leaving this blank or incorrect does not work and results in:
passwd: Authentication token manipulation error passwd: password unchanged

I am using "onerr=success", but this doesn't appear to make a difference. Also, I have attempted by removing my called script (so that nothing runs) but I still encounter this issue.

Thoughts?

And you are really sure you are running the password command as root?
I have tested it with version https://github.com/jeroennijhof/pam_script/archive/1.1.9.tar.gz and it works could you try with version 1.1.9?

As you can see in the code it checks if the user is root if so it will skip asking the current password:
https://github.com/jeroennijhof/pam_script/blob/1.1.9/pam_script.c#L457

Ok I see the problem it was a bug in version 1.1.7 and fixed since 1.1.8.

Ah, Ok. I tried to review the changes between versions, but I must have missed that. Very much appreciated... I will send a message to the Debian package manager to see if they will include an update to 1.1.8 in jessie.

Thank you again!