#1108959 Pam: "When trying to update a password, this return status indicates that the value provided as the current password is not correct."

Package:
reportbug
Source:
reportbug
Submitter:
charles hummer
Date:
2025-08-14 12:45:01 UTC
Severity:
normal
Tags:
#1108959#5
Date:
2025-07-08 15:20:45 UTC
From:
To:

#1108959#10
Date:
2025-08-14 12:28:08 UTC
From:
To:
Control: reassign -1 libpam-winbind
bugs against reportbug, unless you found bug in reportbug itself.

Also please don't report bugs in attachments, - provide the text
of the bug right in the message body.

The actual report seems to be:

Pam sends "When trying to update a password, this return status
indicates that the value provided as the current password is not
correct." when a password is mistyped.
Examples:
user@localhost:~$ sudo su
[sudo] password for user:
When trying to update a password, this return status indicates that the
value provided as the current password is not correct.
Speak English you fool --- there are no subtitles in this scene.
[sudo] password for user:

user@localhost:~$ ssh 127.0.0.1
user@127.0.0.1's password:
Permission denied, please try again.
user@127.0.0.1's password:
When trying to update a password, this return status indicates that the
value provided as the current password is not correct.
When trying to update a password, this return status indicates that the
value provided as the current password is not correct.

note: 2nd login attempt was successful


It looks like this is a pam-winbind issue.

/mjt

#1108959#19
Date:
2025-08-14 12:43:11 UTC
From:
To:
A bit more context.

In trixie release cycle, samba-ad-dc package has been split
out of samba package, to provide AD-DC (Active Directory
Domain Controller) functionality on top of samba.  This
new package depends on other samba components, including
winbind, and recommends libpam-winbind.  And finally,
in order to avoid breaking existing setups, samba package
recommends samba-ad-dc (since this functionality was in
samba package before).

Now, on upgrade from bookworm to trixie, with apt recommends
enabled (which is the default), the system install new
recommended packages too, including samba-ad-dc and its
recommendations, which includes libpam-winbind.

Which produces that message.

Since the samba-ad-dc split-out is mentioned in the release
notes, I probably could've drop recommending it from samba
package.  But I thought it's safer to keep the recommends.
Without knowing there's a bug in libpam-winbind with such
an effect.

/mjt