diff -up Linux-PAM-1.1.3/modules/pam_pwhistory/pam_pwhistory.c.incomplete Linux-PAM-1.1.3/modules/pam_pwhistory/pam_pwhistory.c
--- Linux-PAM-1.1.3/modules/pam_pwhistory/pam_pwhistory.c.incomplete	2008-12-18 14:09:36.000000000 +0100
+++ Linux-PAM-1.1.3/modules/pam_pwhistory/pam_pwhistory.c	2010-11-11 14:45:02.000000000 +0100
@@ -187,12 +187,13 @@ pam_sm_chauthtok (pam_handle_t *pamh, in
     {
       retval = pam_get_authtok (pamh, PAM_AUTHTOK, &newpass, NULL);
       if (retval != PAM_SUCCESS && retval != PAM_TRY_AGAIN)
-	return retval;
+	{
+	  if (retval == PAM_CONV_AGAIN)
+	    retval = PAM_INCOMPLETE;
+	  return retval;
+	}
       tries++;
 
-      if (newpass == NULL || retval == PAM_TRY_AGAIN)
-	continue;
-
       if (options.debug)
 	{
 	  if (newpass)
@@ -201,12 +202,8 @@ pam_sm_chauthtok (pam_handle_t *pamh, in
 	    pam_syslog (pamh, LOG_DEBUG, "got no auth token");
 	}
 
-      if (retval != PAM_SUCCESS || newpass == NULL)
-	{
-	  if (retval == PAM_CONV_AGAIN)
-	    retval = PAM_INCOMPLETE;
-	  return retval;
-	}
+      if (newpass == NULL || retval == PAM_TRY_AGAIN)
+	continue;
 
       if (options.debug)
 	pam_syslog (pamh, LOG_DEBUG, "check against old password file");
@@ -219,7 +216,6 @@ pam_sm_chauthtok (pam_handle_t *pamh, in
 	  newpass = NULL;
 	  /* Remove password item, else following module will use it */
           pam_set_item (pamh, PAM_AUTHTOK, (void *) NULL);
-	  continue;
 	}
     }
 
@@ -230,8 +226,7 @@ pam_sm_chauthtok (pam_handle_t *pamh, in
       return PAM_MAXTRIES;
     }
 
-  /* Remember new password */
-  return pam_set_item (pamh, PAM_AUTHTOK, newpass);
+  return PAM_SUCCESS;
 }