> The stacked module thinks no such thing: the presence of PAM_AUTHTOK > and PAM_OLDAUTHTOK only indicates that the user has /input/ these > values, it says nothing at all about whether the password has been > changed. Modules should not in fact presume to know anything at all > about other modules in the stack. The Linux-PAM Module Writer's Guide states in section 2.1 that PAM_AUTHTOK (during a password change) "contains the currently active authentication token". This is not true for the situation I described in my previous post. Matt
