Comment 15 for bug 329067

It might be of value to note that the "try_authtok" option for the pam_ldap.so library ist neither documented nor used, producing in the /var/log/auth.log the following line : "illegal option try_authtok". Since illegal options are ignored, it produces exactly the same behaviour as simply removing use_authtok altogether.

Because of this i'd recommend changing the title of the bug to something like : "cannot change user password on a LDAP client when the option use_authtok is used with pam_ldap.so".