Re: Usability issue when forced to change password when logging in to a system

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Fri, Jan 23, 2015 at 10:59 AM, Iain Morgan <imorgan@xxxxxxxxxxxx> wrote:
>
> As I recall, OpenSSH does not use PAM to implement password changes;
>

Actually it does (via pam_chauthtok() but only when you are using
keyboard-interactive and it has a reliable way to talk to to the user.


> instead, it executes the system's passwd binary.


It does that when you are not using PAM, or when you are using PAM with
"password" authentication (it can't call pam_chauthtok() in the latter case
because by the time it can talk to the user via a tty, it has long since
dropped the privilege required to actually change the password.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux