From 50da3ff9ae2590792be4be6672264f3368ef5650 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tiziano=20M=C3=BCller?= <tm@dev-zero.ch>
Date: Thu, 15 Aug 2024 00:29:40 +0000
Subject: [PATCH] Update suse.md to avoid Authentication token manipulation
 error (#2973)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The option use_authok for pam_unix requires a password on the stack, for example from a previous module such as pam_cracklib.
If that is not the case, pam_unix fails, leading to this error:

    ~ # passwd
    passwd: Authentication token manipulation error
    passwd: password unchanged

Signed-off-by: Tiziano Müller <tiziano.mueller@hpe.com>
---
 book/src/integrations/pam_and_nsswitch/suse.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/book/src/integrations/pam_and_nsswitch/suse.md b/book/src/integrations/pam_and_nsswitch/suse.md
index 66c8cc319..59e19e31d 100644
--- a/book/src/integrations/pam_and_nsswitch/suse.md
+++ b/book/src/integrations/pam_and_nsswitch/suse.md
@@ -53,7 +53,7 @@ auth        required      pam_deny.so
 # Controls flow of what happens when a user invokes the passwd command. Currently does NOT
 # push password changes back to kanidm
 password    [default=1 ignore=ignore success=ok] pam_localuser.so
-password    required    pam_unix.so use_authtok nullok shadow try_first_pass
+password    required    pam_unix.so nullok shadow try_first_pass
 password    [default=1 ignore=ignore success=ok]  pam_succeed_if.so uid >= 1000 quiet_success quiet_fail
 password    required    pam_kanidm.so