1 files changed, 13 insertions, 0 deletions

diff --git a/meta-google/recipes-extended/pam/libpam_%.bbappend b/meta-google/recipes-extended/pam/libpam_%.bbappend
index 287dab7b14..d57b0eab15 100644
--- a/meta-google/recipes-extended/pam/libpam_%.bbappend
+++ b/meta-google/recipes-extended/pam/libpam_%.bbappend
@@ -12,4 +12,17 @@ RDEPENDS:${PN}-xtests:remove:gbmc = "${MLPREFIX}pam-plugin-cracklib-${libpam_suf
 do_install:append:gbmc() {
     # Remove reference to cracklib library from PAM config file
     sed -i '/pam_cracklib.so/d' ${D}${sysconfdir}/pam.d/common-password
+
+    # Remove the first occurrence of "use_authtok" in the first line starting
+    # with "password". This makes sure that if pam_cracklib.so was the first
+    # entry, we didn't invalidate the next entry in the stack. If the first
+    # entry has the "use_authtok" set, this "forces the module to not prompt
+    # the user for a new password but use the one provided by the previously
+    # stacked password module". Since there is no "previous" entry, it never
+    # asks for a password which causes the process to fail.
+    awk '/^password/ && !f{sub(/ use_authtok/, ""); f=1} 1' \
+        ${D}${sysconfdir}/pam.d/common-password \
+        > ${D}${sysconfdir}/pam.d/common-password.new
+    mv ${D}${sysconfdir}/pam.d/common-password.new \
+        ${D}${sysconfdir}/pam.d/common-password
 }