Re: Bug#269457: pam_krb5 should read PAM_OLDAUTHTOK instead of PAM_AUTHTOK when changing a password
>>>>> "Andreas" == Andreas Vögele <voegele@trustsec.de> writes:
Andreas> I think that there's a bug in pam_krb5_pass.c. When
Andreas> use_first_pass or try_first_pass is used the function
Andreas> pam_sm_chauthtok() tries to get the old password from the
Andreas> preceding module with PAM_AUTHTOK. The problem is that
Andreas> pam_unix_passwd doesn't store the old password in
Andreas> PAM_AUTHTOK but in PAM_OLDAUTHTOK. See
Andreas> pam-0.76/Linux-PAM/modules/pam_unix/pam_unix_passwd.c:
Hello All,
I am not familiar with the specifications of PAM. Can I please get a
2nd opinion to ensure the patch given at
<URL:http://bugs.debian.org/269457>, based on the above description,
is correct?
It looks OK to me.
Thanks.
--
Brian May <bam@debian.org>
Reply to: