I migrated an old SuseLinux 10 box to Debian (Lenny) a couple months ago, and apparently no one noticed you can't change your password. Root can do it because passwd doesn't ask root for a password, but no one else can (although they can log in, passwd doesn't recognize their login password when they attempt to set a new password and it asks).

I changed authentication to use blowfish when I setup the server (because the SuseLinux 10 system used it) and apparently the passwd command doesn't work with that. Apparently I need to update another configuration file or possibly get a different program to update the passwd file if I use blowfish. Any ideas?

The weird thing is that it can generate a blowfish hash to set a new password, but apparently can't generate one to authenticate the user.

EDIT

Ok, I take it back... something changed recently and it is no longer generating a blowfish hash when setting a new password. It is generating a hash with only 13 characters. And I can clearly see that many users have changed their passwords. Here's how the shadow file looks:

accounts ported from old system: blowfish
accounts automatically generated on this system: md5
accounts among these where the user changed their password: blowfish
new accounts I made manually in the last few weeks, 13 char hash

Not sure what I changed to cause this.

Ok, I'm not sure how it happened, but apparently I changed /etc/pam.d/common-passwd at some point in the last few weeks so that the line specifying encryption was changed from pam_unix2 to pam_unix breaking the passwd command. I find the following advice at this link:

"Okay, the final solition is to emerge pam_unix2 and then replace all instances of "pam_unix" with "pam_unix2" in /etc/pam.d/* files and "md5" with "blowfish" in /etc/pam.d/system-auth"

http://forums.gentoo.org/viewtopic-t-134503.html