[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#269457: pam_krb5 should read PAM_OLDAUTHTOK instead of PAM_AUTHTOK when changing a password

>>>>> "Andreas" == Andreas Vögele <voegele@trustsec.de> writes:

    Andreas> I think that there's a bug in pam_krb5_pass.c. When
    Andreas> use_first_pass or try_first_pass is used the function
    Andreas> pam_sm_chauthtok() tries to get the old password from the
    Andreas> preceding module with PAM_AUTHTOK. The problem is that
    Andreas> pam_unix_passwd doesn't store the old password in
    Andreas> PAM_AUTHTOK but in PAM_OLDAUTHTOK. See
    Andreas> pam-0.76/Linux-PAM/modules/pam_unix/pam_unix_passwd.c:

Hello All,

I am not familiar with the specifications of PAM. Can I please get a
2nd opinion to ensure the patch given at
<URL:http://bugs.debian.org/269457>, based on the above description,
is correct?

It looks OK to me.

Brian May <bam@debian.org>

Reply to: