php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #59011 pam_chpass failing
Submitted: 2009-12-29 00:17 UTC Modified: 2017-04-01 21:06 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: mwalker at kydancen dot te Assigned:
Status: Wont fix Package: PAM (PECL)
PHP Version: 5.2.11 OS: Gentoo
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mwalker at kydancen dot te
New email:
PHP Version: OS:

 

 [2009-12-29 00:17 UTC] mwalker at kydancen dot te 
Description:
------------
I'm developing a tool, and I have pam_auth() working successfully, but I'm trying to build in password changing support now, and pam_chpass is failing with the following error:

Conversation error (in pam_chauthtok)

The relevant log entries are:

Dec 28 22:11:46 mwlaptop apache2: pam_unix(php:chauthtok): conversation failed
Dec 28 22:11:46 mwlaptop apache2: pam_unix(php:chauthtok): password - (old) token not obtained

And this is the code snippet:

pam_chpass($username, $old_password, $new_password, $error)

I have confirmed that the values are all being populated, and that the $old_password value is correct, as is $username.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-01-18 15:23 UTC] mwalker at kydance dot net 
Any update on this? Still a problem.
 [2010-06-11 15:01 UTC] andrew at tektao dot com 
It seems that ubuntu doesn't have pam_pwdb.so and pam_unix.so 
isn't working. how is pam_chpassw written?
 [2010-08-25 03:46 UTC] trdrng at gmail dot com 
Any news on this one? Is someone maintaining this package?
 [2011-04-24 10:15 UTC] nlewis at programmer dot net 
I have developed a patch that corrects this bug.  I tried to submit it directly to the maintainer, but his email server was unreachable.

If the maintainer will please contact me, I will be more than happy to provide the patch.  Please do not send any "Me Too" requests if you are not the maintainer - I would prefer to send the patch to one person (the maintainer) and not the whole world, one person at a time.  :-D
 [2011-08-03 17:18 UTC] nlewis at programmer dot net 
Update regarding my patch:

Honestly, the patch won't do you any good unless you configure Apache to run as the root user - which I wouldn't recommend in any case.  And if you're running a distro such as Ubuntu with Apache2, the default is to have it run as a special user (e.g. "www-data"), in which case the patch wouldn't work due to permissions issues.

I don't recall the specifics offhand, but the web server needs full read / write permissions to several system files and directories.  As I recall, the /tmp folder had to be writable, as well as several files in /etc.  I never did find all the pieces, even after digging through the sources to the PAM libraries themselves, so I finally gave up and moved on.

In short, the PECL PAM module is probably not the best solution available.  I myself am currently looking into setting up an LDAP server on the local system, and using the LDAP functions built into PHP to perform user authentication.  It's a total nightmare to figure out, but like I said - it's probably a better long-term solution anyway. 

- NL
 [2017-04-01 21:06 UTC] tpunt@php.net
-Status: Open +Status: Wont fix
 [2017-04-01 21:06 UTC] tpunt@php.net 
Due to this extension not seeing any activity since 2009, this issue will not be fixed. We are therefore closing this now.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Dec 26 17:01:31 2024 UTC