
Bug 79141

Summary: pam_krb5-1.0 doesn't properly handle PAM_PRELIM_CHECK in password module
Product: Gentoo Linux
Reporter: Andrew Sterling Hanenkamp <sterling>
Component: [OLD] Library
Assignee: PAM Gentoo Team (OBSOLETE) <pam-bugs+disabled>
Status: RESOLVED DUPLICATE
Severity: major
CC: mmokrejs
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: This patch handles the PAM_PRELIM_CHECK message but allows all else to err

Description Andrew Sterling Hanenkamp 2005-01-22 14:24:10 UTC
On our system, one is never able to use "passwd" to change passwords because the pam_krb5 module assumes that if you haven't passed PAM_UPDATE_AUTHTOK in the password module you've screwed up the protocol. This appears to be related to a comment in the README file:

     When is pam_sm_chauthtok() ever called with flags other than
     PAM_UPDATE_AUTHTOK?

I found the answer on:

     http://www.opengroup.org/onlinepubs/8329799/pam_sm_chauthtok.htm

and have created and tested a patch that seems to work. This is a very basic solution that the original author can probably elaborate upon. I'll attach the patch file and submit it upstream to Frank Cusack.

Reproducible: Always
Steps to Reproduce:
1. Type "passwd"

Actual Results:  
passwd: Authentication token modification error

Expected Results:  
Asked for a password, a new password, a confirm password, and made the changes.

This patch might not always be necessary, I haven't dug into the PAM libraries
themselves to see how they call password modules. Anyway, we have a weird setup
mixing a bunch of different platforms, so it may be fairly unique.

Portage 2.0.51-r14 (default-linux/x86/2004.3, gcc-3.3.5,
glibc-2.3.4.20040808-r1, 2.6.7-gentoo-r5 i686)
=================================================================
System uname: 2.6.7-gentoo-r5 i686 Intel(R) Pentium(R) 4 CPU 2.66GHz
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.3.4 [2.3.4 (#1, Oct 26 2004, 15:47:23)]
distcc[8629] (dcc_mkdir) ERROR: mkdir /home/grads/sterling/.distcc/state failed:
Permission denied [disabled]
ccache version 2.3 [enabled]
dev-lang/python:     2.3.4
sys-devel/autoconf:  2.59-r5
sys-devel/automake:  1.8.5-r1
sys-devel/binutils:  2.15.92.0.2-r1
sys-devel/libtool:   1.5.2-r7
virtual/os-headers:  2.4.21-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=i686 -funroll-loops -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-O3 -march=i686 -funroll-loops -fomit-frame-pointer -pipe"
DISTDIR="/common/admin/linux/gentoo/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="ftp://ftp.ussg.iu.edu/pub/linux/gentoo
ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo
http://mirror.clarkson.edu/pub/distributions/gentoo/
http://mirrors.tds.net/gentoo http://gentoo.seren.com/gentoo"
MAKEOPTS="-j2"
PKGDIR="/common/admin/linux/gentoo/packages/i686-lab"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage-cis"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X Xaw3d accessibility aim alsa apache2 apm arts avi berkdb bidi
bitmap-fonts bonobo canna cdr cjk crypt cscope dga directfb doc dvd emacs encode
esd evo f77 fam fbcon fftw flac font-server foomaticdb fortran freewnn gb gd
gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml guile icq imagemagick imap imlib
ipv6 jabber java jikes jpeg junit kde kerberos krb4 ldap leim libg++ libgda
libwww mad maildir mcal mikmod motif mozilla mpeg mpi msn mule multislot mysql
ncurses nls objc odbc oggvorbis opengl oscar oss pam pdflib perl plotutils png
python qt quicktime readline samba sdl slang snmp spell sqlite ssl svga tcltk
tcpd tetex tiff truetype truetype-fonts type1-fonts unicode usb wmf workstation
xml xml2 xmms xv yahoo zlib"
Unset:  LDFLAGS
Comment 1 Andrew Sterling Hanenkamp 2005-01-22 14:24:54 UTC
Created attachment 49232 [details, diff]
This patch handles the PAM_PRELIM_CHECK message but allows all else to err
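
The two-pass protocol this report turns on, as an added example that is not the attached patch or pam_krb5's code: the framework calls pam_sm_chauthtok() once with PAM_PRELIM_CHECK and, only if that succeeds, again with PAM_UPDATE_AUTHTOK. The constants mirror Linux-PAM's header values but are defined locally so the file builds without libpam; every function name, and the error code returned by the update-only handler, is an assumption.

```c
#include <stdio.h>

/* Values as in Linux-PAM's headers, redefined here (assumption: no libpam). */
#define PAM_SUCCESS         0
#define PAM_AUTHTOK_ERR     20
#define PAM_PRELIM_CHECK    0x4000
#define PAM_UPDATE_AUTHTOK  0x2000

typedef int (*chauthtok_fn)(int flags, int *updated);

/* Model of the behaviour the report describes: any call without
 * PAM_UPDATE_AUTHTOK is treated as a protocol error. */
static int chauthtok_update_only(int flags, int *updated)
{
    if (!(flags & PAM_UPDATE_AUTHTOK))
        return PAM_AUTHTOK_ERR;
    *updated = 1;                 /* stand-in for the real password change */
    return PAM_SUCCESS;
}

/* Two-pass handling: the preliminary pass reports readiness and changes
 * nothing; the update pass performs the change. */
static int chauthtok_two_pass(int flags, int *updated)
{
    if (flags & PAM_PRELIM_CHECK)
        return PAM_SUCCESS;       /* e.g. confirm the password service is reachable */
    if (flags & PAM_UPDATE_AUTHTOK) {
        *updated = 1;
        return PAM_SUCCESS;
    }
    return PAM_AUTHTOK_ERR;       /* neither phase flag set */
}

/* What the framework does for a password change: preliminary pass first,
 * update pass only if the preliminary pass succeeded. */
static int run_chauthtok(chauthtok_fn module, int *updated)
{
    int rc;
    *updated = 0;
    rc = module(PAM_PRELIM_CHECK, updated);
    return rc != PAM_SUCCESS ? rc : module(PAM_UPDATE_AUTHTOK, updated);
}

int main(void)
{
    int changed, rc;
    rc = run_chauthtok(chauthtok_update_only, &changed);
    printf("update-only: rc=%d changed=%d\n", rc, changed);
    rc = run_chauthtok(chauthtok_two_pass, &changed);
    printf("two-pass:    rc=%d changed=%d\n", rc, changed);
    return 0;
}
```

The update-only handler fails on the first pass, so the update pass is never reached and the password is never changed.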
Comment 2 Andrew Sterling Hanenkamp 2005-09-01 07:19:03 UTC
It's been a long while since I posted this'n'. You guys going to look at it and
at least tell me to tell the original author (which I've done, for the good that
didn't do) or what? 
Comment 3 Martin Mokrejš 2005-09-01 09:26:05 UTC
Post to the openafs-devel@openafs.org list. ;)
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2006-04-21 08:48:30 UTC
Marking dupe to the bump request, really all the krb issues should be reviewed after a bump.


*** This bug has been marked as a duplicate of 26509 ***