How can I allow users to change their local passwords?

Question

We use an LDAP-server, but we also use local accounts.

[jdoe@tst-03 ~]$ passwd
Changing password for user jdoe.
Changing password for jdoe.
(current) UNIX password:
Enter login(LDAP) password:

This is an account that exists locally on the server. Unfortunately when the user tries to change his password, passwd asks him for the LDAP password.

How can I allow this user to change his password locally ('/etc/shadow')? It should not be asking for the LDAP password.

score 1 · Answer 1 · answered Jul 29 '13 at 08:22

1

If you tell you user to do

$ passwd -r files

then it'll only attempt to change the password locally.

answered Jul 29 '13 at 08:22

Flup

7,978
2
32
43

This is not a Solaris/Unix machine, but a Red Hat machine. – ujjain Jul 29 '13 at 08:38
1

I don't have a RH box to play with, but this command works as expected on a Debian system. – Flup Jul 29 '13 at 08:52
There is no -r for passwd on EL based disros. `passwd: bad argument -r: unknown option` – user9517 Jul 29 '13 at 10:46

score 1 · Answer 2 · answered Jul 29 '13 at 08:38

The user only had the correct LDAP password and not the correct local password, meaning it would prompt for the LDAP password after the Unix password was rejected.

After verifying /etc/nsswitch.conf (was already correct) and manually changing the password in /etc/shadow, the user can change his local password.

How can I allow users to change their local passwords?

2 Answers2