--um2V5WpqCyd73IVb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Aug 04, 2002 at 01:40:19AM -0700, Matt Piotrowski wrote: > > The stacked module thinks no such thing: the presence of PAM_AUTHTOK > > and PAM_OLDAUTHTOK only indicates that the user has /input/ these > > values, it says nothing at all about whether the password has been > > changed. Modules should not in fact presume to know anything at all > > about other modules in the stack. > The Linux-PAM Module Writer's Guide states in section 2.1 that=20 > PAM_AUTHTOK (during a password change) "contains the currently active=20 > authentication token". This is not true for the situation I described=20 > in my previous post. I fear this is a case of poor wording in the Module Writer's Guide, then. In pam_sm_chauthtok(), the PAM_AUTHTOK item contains the *proposed* new authentication token. It is confusing to refer to it as the "currently active authentication token", since there are several authentication tokens that could fit this description while in the process of changing passwords. Steve Langasek postmodern programmer --um2V5WpqCyd73IVb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9TXbWKN6ufymYLloRAl1mAJ4jQLqE2xlDp+fOH1UK57kNtr+iDgCeOo5H PqzopfP7V20HkABs8Sd6Ypo= =q/ve -----END PGP SIGNATURE----- --um2V5WpqCyd73IVb--
