Always ask for old password if changing NIS account

	* modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): ask
	for old password if NIS account.

diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 9aae3b03de3531c5542fc3acaff620819b8ee400..0cfc0f4d54887bec8f901b0e793c505909ef64e5 100644 (file)
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -614,7 +614,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 
                if (_unix_blankpasswd(pamh, ctrl, user)) {
                        return PAM_SUCCESS;
-               } else if (off(UNIX__IAMROOT, ctrl)) {
+               } else if (off(UNIX__IAMROOT, ctrl) ||
+                          (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) {
                        /* instruct user what is happening */
                        if (asprintf(&Announce, _("Changing password for %s."),
                                user) < 0) {