User unable to change password because of PAM

[Rasslor]

Hi hopefully a quick question,

I have a standalone server running on files that any user who is not root is given Permission denied when trying to change their password. If I disable the following line from pam.conf :

passwd auth required pam_passwd_auth.so.1

everything seems to work just fine but obviously is not running the passwd properly through the security checks. If anyone has any ideas on what to look for or what to change to make this work I would appreciate it.

Thanks
Brendan

 

[Rasslor]

FYI as a follow up I realized that I didn't say I was using Solaris 10 as my OS.

 

[jad]

Umm ... do you have a copy of the orignal PAM conf?

We've done lots of work with NIS+ and LDAP and you are always best off leaving the PAM conf alone.

Why did you change it, or did it not work out of the box?

 

[Rasslor]

Yes I have the original. I haven't changed anything in it relating to passwords. The line I was talking about commenting out is part of the original pam.conf, I was just saying users changing their passwords works if I comment that line out leading me to believe that something in the PAM is affecting users ability to change their passwords.

 

[jad]

what naming service do you use, or is it just files? (/etc/nsswitch.conf)

 

[Rasslor]

Just files

 

[bfitzmai]

Type in the command: "which passwd" to verify which passwd you are running. The default file is in /bin. Run ls -aFl on the returned file. You should see the privileges on the file as:

-r-sr-sr-x 1 root sys <file size> <date> <file path>

Also check to see if passwd is being aliased to another password script.