Andrew Morgan wrote:
> [PAM_PRELIM_CHECK/PAM_UPDATE]
> This usage is a feature. One can interpret "checking the availability of
> resources" to mean "check if it's OK right now for the current applicant
> (PAM_RUSER) to change the user's (PAM_USER) authentication token". If
> you read it this way, then as part of the 'prelim' check it seems
> acceptable to verify that they know the current authtoken (password)
> they are about to replace.
>
> This is the interpretation we've adopted. The reason we adopted this
> interpretation is that it makes it possible to transparently support a
> plug-in new-password strength checker. If you wait for the 'update'
> cycle to do this preliminary check, it's not clear where in the stack you
> can plug the strength checker and have it work.

This was exactly the "problems stacking modules" that I told about in my first post. Thanks.
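
The stacking argument quoted above, as a toy model of the two-pass password stack; this is an added illustration, not part of either message and not Linux-PAM code. The module functions, the strength rule, the user and the passwords are all constructed, and the update cycle is labelled with the Linux-PAM flag name PAM_UPDATE_AUTHTOK.

```python
from functools import partial

# Toy model of a two-pass password stack (constructed; not Linux-PAM code).
PRELIM, UPDATE = "PAM_PRELIM_CHECK", "PAM_UPDATE_AUTHTOK"

def chauthtok(stack, items):
    """Walk the whole stack once per pass; report the pass that failed."""
    for flag in (PRELIM, UPDATE):
        for module in stack:
            if not module(items, flag):
                return flag
    return "PAM_SUCCESS"

def unix_module(items, flag, verify_in=PRELIM):
    """Stand-in for the module that owns the password database."""
    if flag == verify_in:
        # The applicant must prove knowledge of the current token.
        if items["typed_old"] != items["db"][items["PAM_USER"]]:
            return False
        items["PAM_OLDAUTHTOK"] = items["typed_old"]
    if flag == UPDATE:
        # Store only a token that an earlier module has already vetted.
        if "PAM_AUTHTOK" not in items:
            return False
        items["db"][items["PAM_USER"]] = items["PAM_AUTHTOK"]
    return True

def strength_module(items, flag):
    """Stand-in for a plug-in new-password strength checker."""
    if flag == PRELIM:
        return True  # nothing to vet during the preliminary pass
    old = items.get("PAM_OLDAUTHTOK")
    if old is None:
        return False  # modelling assumption: refuse without a verified old token
    new = items["typed_new"]
    if len(new) < 8 or new in (old, old[::-1]):
        return False  # constructed rule: too short, unchanged, or reversed
    items["PAM_AUTHTOK"] = new
    return True

def change_password(typed_old, typed_new, verify_in=PRELIM):
    """Run the stack [strength checker, database module] for user 'alice'."""
    items = {"PAM_USER": "alice", "db": {"alice": "old-secret"},
             "typed_old": typed_old, "typed_new": typed_new}
    stack = [strength_module, partial(unix_module, verify_in=verify_in)]
    return chauthtok(stack, items), items["db"]["alice"]
```

With `verify_in=UPDATE` the checker, which sits earlier in the stack, runs before any old token has been verified, so the same stack order fails in the update pass.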