topic PAM Error (Change password) in Operating System - Linux https://community.hpe.com/t5/operating-system-linux/pam-error-change-password/m-p/3648562#M102377 I wrote a sample program to test PAM functionality in HP Unix 11i. (basically pam_chauthtok).<BR /><BR />It is prefectly working in most of the Unix flavours but not in HP UX 11i.<BR /><BR />My program<BR /><BR /><BR />#define DEBUG<BR />#include <SECURITY><BR />#include <STDIO.H><BR />#include <PWD.H><BR />#include <STDLIB.H><BR />#include <STRING.H><BR />/*<BR /> * PAM call back function to read the password values<BR /> */<BR /><BR />extern int convert(int num_msg,struct pam_message **msg,struct<BR />pam_response **resp,void *appdata_ptr)<BR />{<BR /> // Initialize PAM response object and set password<BR /> struct pam_response *temp;<BR /> temp = (struct pam_response *)calloc(num_msg,sizeof(struct pam_response));<BR /> temp[0].resp_retcode = 0;<BR /> temp[0].resp = strdup((const char*)appdata_ptr);<BR /> *resp = temp;<BR /> return PAM_SUCCESS;<BR />}<BR />static struct pam_conv conv = {convert,NULL};<BR />/*<BR /> * Function used to change the password of a user<BR /> */<BR />int changePasswd(char *user,char *pass)<BR />{<BR /> pam_handle_t *pamh=NULL;<BR /> int retval;<BR /> struct pam_response *pp=NULL;<BR /> conv.appdata_ptr = pass;<BR /> // initialize PAM<BR /> retval = pam_start("fisclsnr", user, &amp;conv, &amp;pamh);<BR /> if (retval == PAM_SUCCESS)<BR /> {<BR /> // Change password (auth tocken)<BR /> retval = pam_chauthtok(pamh, PAM_SILENT);<BR /> }<BR /> if (retval != PAM_SUCCESS)<BR /> {<BR /> return -1;<BR /> }<BR /> // End PAM Session<BR /> if (pam_end(pamh,retval) != PAM_SUCCESS)<BR /> {<BR /> pamh = NULL;<BR /> return -1;<BR /> }<BR /> return 0;<BR />}<BR />int main()<BR />{<BR /> int res = changePasswd("user","123");<BR /> printf( "Res = %d", res);<BR /> return 0;<BR />}<BR /><BR /><BR />If I am trying to change the password of a normal user it doesnot work.<BR />(<BR /> retval = pam_chauthtok(pamh, PAM_SILENT);<BR /> retval is not 0. Error code is PAM_PERM_DENIED<BR /> }<BR />But change password of root user works fine.<BR /> ( int res = changePasswd("user","123");<BR /> value of res is 0 and password changed )<BR /><BR /><BR /> I add more debug meesages on "convert"<BR />function. It shows that, if the username specified is not root, then an Old password request recieved at convert function. But if it is root ,then no Old password request.<BR /><BR /> In both case I am running the program as root. I could not understand why this happend? Anyone have any Idea ??? any solution to implement a custom "passwd" program??<BR /><BR /></STRING.H></STDLIB.H></PWD.H></STDIO.H></SECURITY> Thu, 13 Oct 2005 04:39:45 GMT shijith_1 2005-10-13T04:39:45Z PAM Error (Change password) https://community.hpe.com/t5/operating-system-linux/pam-error-change-password/m-p/3648562#M102377 I wrote a sample program to test PAM functionality in HP Unix 11i. (basically pam_chauthtok).<BR /><BR />It is prefectly working in most of the Unix flavours but not in HP UX 11i.<BR /><BR />My program<BR /><BR /><BR />#define DEBUG<BR />#include <SECURITY><BR />#include <STDIO.H><BR />#include <PWD.H><BR />#include <STDLIB.H><BR />#include <STRING.H><BR />/*<BR /> * PAM call back function to read the password values<BR /> */<BR /><BR />extern int convert(int num_msg,struct pam_message **msg,struct<BR />pam_response **resp,void *appdata_ptr)<BR />{<BR /> // Initialize PAM response object and set password<BR /> struct pam_response *temp;<BR /> temp = (struct pam_response *)calloc(num_msg,sizeof(struct pam_response));<BR /> temp[0].resp_retcode = 0;<BR /> temp[0].resp = strdup((const char*)appdata_ptr);<BR /> *resp = temp;<BR /> return PAM_SUCCESS;<BR />}<BR />static struct pam_conv conv = {convert,NULL};<BR />/*<BR /> * Function used to change the password of a user<BR /> */<BR />int changePasswd(char *user,char *pass)<BR />{<BR /> pam_handle_t *pamh=NULL;<BR /> int retval;<BR /> struct pam_response *pp=NULL;<BR /> conv.appdata_ptr = pass;<BR /> // initialize PAM<BR /> retval = pam_start("fisclsnr", user, &amp;conv, &amp;pamh);<BR /> if (retval == PAM_SUCCESS)<BR /> {<BR /> // Change password (auth tocken)<BR /> retval = pam_chauthtok(pamh, PAM_SILENT);<BR /> }<BR /> if (retval != PAM_SUCCESS)<BR /> {<BR /> return -1;<BR /> }<BR /> // End PAM Session<BR /> if (pam_end(pamh,retval) != PAM_SUCCESS)<BR /> {<BR /> pamh = NULL;<BR /> return -1;<BR /> }<BR /> return 0;<BR />}<BR />int main()<BR />{<BR /> int res = changePasswd("user","123");<BR /> printf( "Res = %d", res);<BR /> return 0;<BR />}<BR /><BR /><BR />If I am trying to change the password of a normal user it doesnot work.<BR />(<BR /> retval = pam_chauthtok(pamh, PAM_SILENT);<BR /> retval is not 0. Error code is PAM_PERM_DENIED<BR /> }<BR />But change password of root user works fine.<BR /> ( int res = changePasswd("user","123");<BR /> value of res is 0 and password changed )<BR /><BR /><BR /> I add more debug meesages on "convert"<BR />function. It shows that, if the username specified is not root, then an Old password request recieved at convert function. But if it is root ,then no Old password request.<BR /><BR /> In both case I am running the program as root. I could not understand why this happend? Anyone have any Idea ??? any solution to implement a custom "passwd" program??<BR /><BR /></STRING.H></STDLIB.H></PWD.H></STDIO.H></SECURITY> Thu, 13 Oct 2005 04:39:45 GMT https://community.hpe.com/t5/operating-system-linux/pam-error-change-password/m-p/3648562#M102377 shijith_1 2005-10-13T04:39:45Z