#319 Pam Password change always returns old password is incorrect

open
Jamie Cameron
5
2007-06-07
2007-06-07
Anonymous
No

This is on OpenSuSe 10.2 regardless if this is run by root or user. This was tried across multiple machines with the same results.

Discussion

  • Logged In: NO

    Sorry forgot to mention this is with Usermin 1280 and I just tried Usermin 1260 with the same results. Gut feeling is this will be a OpenSuSe specific issue.

     
  • Jamie Cameron
    Jamie Cameron
    2007-06-07

    Logged In: YES
    user_id=129364
    Originator: NO

    So which Usermin module were you using to do the password - was it 'Change Password', or is it the dialog that appears at login time when your password has expired?

     
  • Logged In: NO

    I am using the change password module with PAM. I have run it both as root and the user. I have not tried expiring my password and loging in as of yet.

     
  • Jamie Cameron
    Jamie Cameron
    2007-06-07

    Logged In: YES
    user_id=129364
    Originator: NO

    Does anything appear in /var/log/secure or /var/log/authlog when you try the password change? Usually PAM will log something explaining what went wrong..

     
  • Logged In: NO

    In /var/log/warn I get (Invalid Credentials) I should mention on this box I am using PAM to authenticate against LDAP. On the other box I tested it locally so.... Anyway I have typed my password and copied and pasted to ensure this was not a repeated Typo :D

     
  • Jamie Cameron
    Jamie Cameron
    2007-06-07

    Logged In: YES
    user_id=129364
    Originator: NO

    If you are using LDAP, make sure that both /etc/pam.d/usermin and /etc/pam.d/passwd are setup to talk to the LDAP server, with pam_ldap.so lines.
    By the way, can you change the password at the command line with the 'passwd' command?

     
  • Logged In: NO

    Yes both services have LDAP added to both PAM files and yes I can change the password with passwd.

     
  • Jamie Cameron
    Jamie Cameron
    2007-06-07

    Logged In: YES
    user_id=129364
    Originator: NO

    One work-around then would be to have the module use the 'passwd' command instead of PAM.
    This can be done by editing /etc/usermin/changepass/config , and changing the passwd_cmd line to read :
    passwd_cmd=passwd

     
  • Logged In: NO

    I am using the change password module with PAM. I have run it both as root and the user. I have not tried expiring my password and loging in as of yet.

     
  • Jamie Cameron
    Jamie Cameron
    2007-06-08

    Logged In: YES
    user_id=129364
    Originator: NO

    The passwd command should still call PAM, if it is working properly. If configuring Usermin to use it works, that will narrow down the problem somewhat..

     
  • Logged In: NO

    Jamie,
    I am still working on this. The passwd command still fails. Though I can login to usermin it appears this is failing when it checks the user password. I am now certain this is a configuration issue since I can replicate on Ubuntu as well. I will keep on banging my head against this brick wall :D

     
  • Jamie Cameron
    Jamie Cameron
    2007-06-11

    Logged In: YES
    user_id=129364
    Originator: NO

    Ok, if the passwd command fails too then it looks to be a more lower-level problem ..
    Let me know if you this ends up being definitively a Usermin bug though.

     
  • Michael Braun
    Michael Braun
    2007-07-01

    Logged In: YES
    user_id=1232681
    Originator: NO

    Hi,

    I just didn't see this bug report before reporting my problem.
    Please have a look at Bug 1746036 ( ChangePass PAM does not work with pam_ldap),
    maybe the solution provided there also helps here.

    Yours faithfully,
    M. Braun