php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #59011 pam_chpass failing
Submitted: 2009-12-29 00:17 UTC Modified: 2017-04-01 21:06 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: mwalker at kydancen dot te Assigned:
Status: Wont fix Package: PAM (PECL)
PHP Version: 5.2.11 OS: Gentoo
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2009-12-29 00:17 UTC] mwalker at kydancen dot te
Description:
------------
I'm developing a tool, and I have pam_auth() working successfully, but I'm trying to build in password changing support now, and pam_chpass is failing with the following error:

Conversation error (in pam_chauthtok)

The relevant log entries are:

Dec 28 22:11:46 mwlaptop apache2: pam_unix(php:chauthtok): conversation failed
Dec 28 22:11:46 mwlaptop apache2: pam_unix(php:chauthtok): password - (old) token not obtained

And this is the code snippet:

pam_chpass($username, $old_password, $new_password, $error)

I have confirmed that the values are all being populated, and that the $old_password value is correct, as is $username.




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-01-18 15:23 UTC] mwalker at kydance dot net
Any update on this? Still a problem.
 [2010-06-11 15:01 UTC] andrew at tektao dot com
It seems that ubuntu doesn't have pam_pwdb.so and pam_unix.so 
isn't working. how is pam_chpassw written?
 [2010-08-25 03:46 UTC] trdrng at gmail dot com
Any news on this one? Is someone maintaining this package?
 [2011-04-24 10:15 UTC] nlewis at programmer dot net
I have developed a patch that corrects this bug.  I tried to submit it directly to the maintainer, but his email server was unreachable.

If the maintainer will please contact me, I will be more than happy to provide the patch.  Please do not send any "Me Too" requests if you are not the maintainer - I would prefer to send the patch to one person (the maintainer) and not the whole world, one person at a time.  :-D
 [2011-08-03 17:18 UTC] nlewis at programmer dot net
Update regarding my patch:

Honestly, the patch won't do you any good unless you configure Apache to run as the root user - which I wouldn't recommend in any case.  And if you're running a distro such as Ubuntu with Apache2, the default is to have it run as a special user (e.g. "www-data"), in which case the patch wouldn't work due to permissions issues.

I don't recall the specifics offhand, but the web server needs full read / write permissions to several system files and directories.  As I recall, the /tmp folder had to be writable, as well as several files in /etc.  I never did find all the pieces, even after digging through the sources to the PAM libraries themselves, so I finally gave up and moved on.

In short, the PECL PAM module is probably not the best solution available.  I myself am currently looking into setting up an LDAP server on the local system, and using the LDAP functions built into PHP to perform user authentication.  It's a total nightmare to figure out, but like I said - it's probably a better long-term solution anyway. 

- NL
 [2017-04-01 21:06 UTC] tpunt@php.net
-Status: Open +Status: Wont fix
 [2017-04-01 21:06 UTC] tpunt@php.net
Due to this extension not seeing any activity since 2009, this issue will not be fixed. We are therefore closing this now.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sun Dec 05 13:03:34 2021 UTC