# chpasswd not working since shadow-4.1.4.2-r3

## randalla

Internally, we use chpasswd to reset user accounts when the user has forgotten their password. Typically, this is done like this, via the root user:

```
chpasswd <<EOL

username:temppassword

EOL

passwd -e username

```

Since before the sys-apps/shadow-4.1.4.2-r3 update (which we updated to this last Friday, 7/9/2010), that worked. Now, after executing chpasswd, the encrypted password in the shadow file does not change. /etc/login.defs is nearly default, with only the number of login retries set to 3 and the umask set to something else. PAM has been set up on system-auth to control password length, but that's about it.

Now, passwd and the expired change password routines both work to change a password. Just not chpasswd.

I noticed today that sys-apps/shadow had an update to sys-apps/shadow-4.1.4.2-r4, which I tried. Unfortunately, with the same results.

Is there some way that I can trouble shoot this so that my user expired routine works without having to manually call passwd on each user I need to reset (which takes more time)?

Any information would be greatly appreciated.

Adam.

----------

## randalla

Okay, it seems that this bug has been around for some time:

https://bugs.gentoo.org/show_bug.cgi?id=275555

It has only become apparent now that shadow-4.1.4 has become stable. The fix that worked for me was to change this line in /etc/pam.d/chpasswd:

```
password   required      pam_permit.so
```

to:

```
password    include      system-auth
```

I am wondering, though, if this is a safe change. I'm not overly familiar with PAM (something I need to change).

Adam.

----------

