Patch from Philippe Troin    <phil@fifi.org>

Originally this included a bunch of changes to locking, but the more
recent code pulled from Linux_pam CVS seems to fix that issue.

Index: Linux-PAM/modules/pam_unix/pam_unix_passwd.c
===================================================================
--- Linux-PAM/modules/pam_unix/pam_unix_passwd.c	(revision 281)
+++ Linux-PAM/modules/pam_unix/pam_unix_passwd.c	(working copy)
@@ -854,7 +854,7 @@
 
 		if (_unix_blankpasswd(pamh, ctrl, user)) {
 			return PAM_SUCCESS;
-		} else if (off(UNIX__IAMROOT, ctrl)) {
+		} else if (off(UNIX__IAMROOT, ctrl) || on(UNIX_NIS, ctrl)) {
 
 			/* instruct user what is happening */
 #define greeting "Changing password for "
@@ -872,7 +872,9 @@
 			set(UNIX__OLD_PASSWD, lctrl);
 			retval = _unix_read_password(pamh, lctrl
 						     ,Announce
-					     ,"(current) UNIX password: "
+					     ,(on(UNIX__IAMROOT, ctrl) 
+					       ? "NIS server root password: " 
+					       : "(current) UNIX password: ")
 						     ,NULL
 						     ,_UNIX_OLD_AUTHTOK
 					     ,(const char **) &pass_old);
@@ -883,9 +885,12 @@
 				 ,"password - (old) token not obtained");
 				return retval;
 			}
-			/* verify that this is the password for this user */
+			/* verify that this is the password for this user
+			 * if we're not using NIS */
 
-			retval = _unix_verify_password(pamh, user, pass_old, ctrl);
+			if (off(UNIX_NIS, ctrl)) {
+				retval = _unix_verify_password(pamh, user, pass_old, ctrl);
+			}
 		} else {
 			D(("process run by root so do nothing this time around"));
 			pass_old = NULL;
