PHP :: Bug #59011 :: pam

Bug #59011

pam_chpass failing

Submitted:

2009-12-29 00:17 UTC

Modified:

2017-04-01 21:06 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

mwalker at kydancen dot te

Assigned:

Status:

Wont fix

Package:

PAM (PECL)

PHP Version:

5.2.11

OS:

Gentoo

Private report:

CVE-ID:

None

View Developer Edit

[2009-12-29 00:17 UTC] mwalker at kydancen dot te

Description:
------------
I'm developing a tool, and I have pam_auth() working successfully, but I'm trying to build in password changing support now, and pam_chpass is failing with the following error:

Conversation error (in pam_chauthtok)

The relevant log entries are:

Dec 28 22:11:46 mwlaptop apache2: pam_unix(php:chauthtok): conversation failed
Dec 28 22:11:46 mwlaptop apache2: pam_unix(php:chauthtok): password - (old) token not obtained

And this is the code snippet:

pam_chpass($username, $old_password, $new_password, $error)

I have confirmed that the values are all being populated, and that the $old_password value is correct, as is $username.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-01-18 15:23 UTC] mwalker at kydance dot net

Any update on this? Still a problem.

[2010-06-11 15:01 UTC] andrew at tektao dot com

It seems that ubuntu doesn't have pam_pwdb.so and pam_unix.so 
isn't working. how is pam_chpassw written?

[2010-08-25 03:46 UTC] trdrng at gmail dot com

Any news on this one? Is someone maintaining this package?

[2011-04-24 10:15 UTC] nlewis at programmer dot net

I have developed a patch that corrects this bug.  I tried to submit it directly to the maintainer, but his email server was unreachable.

If the maintainer will please contact me, I will be more than happy to provide the patch.  Please do not send any "Me Too" requests if you are not the maintainer - I would prefer to send the patch to one person (the maintainer) and not the whole world, one person at a time.  :-D

[2011-08-03 17:18 UTC] nlewis at programmer dot net

Update regarding my patch:

Honestly, the patch won't do you any good unless you configure Apache to run as the root user - which I wouldn't recommend in any case.  And if you're running a distro such as Ubuntu with Apache2, the default is to have it run as a special user (e.g. "www-data"), in which case the patch wouldn't work due to permissions issues.

I don't recall the specifics offhand, but the web server needs full read / write permissions to several system files and directories.  As I recall, the /tmp folder had to be writable, as well as several files in /etc.  I never did find all the pieces, even after digging through the sources to the PAM libraries themselves, so I finally gave up and moved on.

In short, the PECL PAM module is probably not the best solution available.  I myself am currently looking into setting up an LDAP server on the local system, and using the LDAP functions built into PHP to perform user authentication.  It's a total nightmare to figure out, but like I said - it's probably a better long-term solution anyway. 

- NL

[2017-04-01 21:06 UTC] tpunt@php.net

-Status: Open +Status: Wont fix

[2017-04-01 21:06 UTC] tpunt@php.net

Due to this extension not seeing any activity since 2009, this issue will not be fixed. We are therefore closing this now.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Mon Dec 30 14:01:28 2024 UTC