how to change local and remote (winbind) password seperately

[Michael Hamann]

Hi everybody,

does anybody know a way how to setup the passability to change passwords
for local users and winbind (remote) users ?

Right kow, I setup my /etc/pam.d/passwd like this:
------

password        sufficient      pam_winbind.so
password        required        pam_unix.so

------

Now when I try to change the password for a user logged in via winbind
auth I can change the password without any problems:

tglatzelr at testtux:~$ passwd
Changing password for tglatzel
(current) NT password:
Enter new NT password:
Retype new NT password:
passwd: password updated successfully

For Notebooks Users I would like to allow local users to login and also
allow them to change their passwords on the local system.

With the configuration above I have to let the winbind auth fail to be
able to enter the local passwd dialog. Afters the failed winbind auth, I
am able to change the local password. this works somehow but it looks
quite ugly.

Is their a way to sepereate the password change process maybe in an
localpasswd and a passwd script?

How do I define new pam configuration in /etc/pam.d ? How does the program
passwd know that its pam configuration is set up in /pam.d/passwd?

Where in the source would I have to add modifications to create a seperate
localpasswd program to change only local passwords ? I just looked into
the passwd sources but did not find a pam ID or somethin comparable as I
expected.

Any hints would be very helpful...

best regards
Michael