pam-ldap and passwd

To: debian-user@lists.debian.org
Subject: pam-ldap and passwd
From: David Wright <ichbin@shadlen.org>
Date: Sun, 17 Mar 2002 14:13:27 -0800
Message-id: <[🔎] 3C951507.7080803@shadlen.org>

I am having problems using passwd to change passwords stored on an LDAPdatabase.


I have /etc/pam.d/passwd looking just like it does on my RedHat box:

auth      required       pam_env.so
auth      sufficient     pam_unix.so likeauth nullok
auth      sufficient     pam_ldap.so use_first_pass
auth      required       pam_deny.so

account     required      pam_unix.so

account [default=ok user_unknown=ignore service_err=ignoresystem_err=ignore] pam_ldap.so


assword   required       pam_cracklib.so retry=3 minlen=6 difok=3
password  sufficient     pam_ldap.so use_authtok
password  sufficient     pam_unix.so use_authtok nullok md5 shadow
password  required       pam_deny.so

but I get a response like this:

user@debian:~$ passwd
Enter login(LDAP) password:
Changing password for user
(current) UNIX password:
passwd: Critical error - immediate abort

What's going on? How to I get it work nicely?

By the way, Red Hat ships with a very nice pam module, pam_stack.so,which can be used like this


auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth

PAM then consults the file /etc/pam.d/system-auth to find the actualstacks. That way, one can, for instance, make all services use pam_ldapwithout having to change the stack in every /etc/pam.d/* file.

Reply to:

Follow-Ups:
- Re: pam-ldap and passwd
  - From: Karsten Heymann <karsten.heymann@gmx.de>

Prev by Date: Re: gatos drivers for ATI AllInWonder cards
Next by Date: Re: biggest, newest IDE disk stuck in PIO mode; because no BIOS support? [dsb]
Previous by thread: Re: svgatextmode and ATI rage 128 video cards
Next by thread: Re: pam-ldap and passwd
Index(es):
- Date
- Thread