Bug 422721 - Password change fails with samba pam module
Password change fails with samba pam module
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: samba (Show other bugs)
4.6
All Linux
low Severity low
: ---
: ---
Assigned To: Simo Sorce
:
Depends On:
Blocks: 1084943
  Show dependency treegraph
 
Reported: 2007-12-12 19:59 EST by Shad L. Lords
Modified: 2014-04-07 06:59 EDT (History)
3 users (show)

See Also:
Fixed In Version: RHBA-2008-0711
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1084943 (view as bug list)
Environment:
Last Closed: 2008-07-24 15:54:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Shad L. Lords 2007-12-12 19:59:21 EST
Description of problem:

Trying to change passwords while using pam fail because of bad pam.d/samba file

Version-Release number of selected component (if applicable):

samba-3.0.25b-1.el4_6.2

How reproducible:

Always

Steps to Reproduce:
1. Install samba-3.0.25b-1.el4_6.2
2. set "pam password change = yes"
3. Try to change windows password
  
Actual results:

Changing password fails

Expected results:

Password change successful

Additional info:

On previous version (and future rhel5 version) then pam.d/samba file contained:

#%PAM-1.0
auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth

The current version only contains:

auth    required        /lib/security/pam_stack.so service=system-auth
account required        /lib/security/pam_stack.so service=system-auth

If you set the pam.d/samba back to the previous version then passwords are
allowed to be changed again.
Comment 1 Scott Bambrough 2007-12-18 19:16:07 EST
On 64 bit RHEL4 systems, Samba authentication by 64 bit apps via PAM is
completely broken, as pam.d/samba points to the 32 bit shared library directory
only.  You need to remove the /lib/security path from the entries.

Comment 2 Shad L. Lords 2007-12-19 09:42:29 EST
There are already multiple bugs open about the library path being incorrect. 
This bug deals with the fact that there are sections of the pam file that are
missing.  Even if the paths are corrected the password change problem would
exist on both 32 and 64 bit.
Comment 3 RHEL Product and Program Management 2008-02-14 16:38:16 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 8 errata-xmlrpc 2008-07-24 15:54:18 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0711.html

Note You need to log in before you can comment on or make changes to this bug.