On Mon, 28 Aug 2000, Solar Designer wrote:

> > > o it is not clear to me if I understand PAM_PRELIM_CHECK/PAM_UPDATE

> > This usage is a feature. One can interpret "checking the availability of
> > resources" to mean "check if it's ok right now for the current applicant
> > (PAM_RUSER) to change the user's (PAM_USER) authentication token". If
> > you read it this way, then as part of the 'prelim' check it seems
> > acceptable to verify that they know the current authtoken (password)
> > they are about to replace.

> This is acceptable if we also do one of:

> 1. Re-check the old password when doing the UPDATE, at least in the
> case when PAM_PRELIM_CHECK wasn't done.

This should never happen. The module's pam_sm_chauthtok() function is called twice by the PAM library, first with PAM_PRELIM_CHECK set, then with PAM_UPDATE_AUTHTOK. I believe this is already well documented in the PAM specs. Any implementation of libpam that doesn't call pam_sm_chauthtok() this way is seriously broken.

Steve Langasek
postmodern programmer
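
The re-check proposed in the quoted point 1, as an added sketch that is not part of the original message and not code from any PAM implementation: a password-change handler that records a successful PAM_PRELIM_CHECK and, if it reaches PAM_UPDATE_AUTHTOK without one, verifies the old password again. `demo_handle`, `demo_chauthtok`, `verify_old` and the numeric constants are stand-ins assumed for this sketch so that it compiles without the PAM headers.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in values for this sketch only; a real module takes these
   names from <security/pam_modules.h>. */
enum { PAM_SUCCESS = 0, PAM_AUTH_ERR = 1, PAM_AUTHTOK_ERR = 2, PAM_SERVICE_ERR = 3 };
#define PAM_PRELIM_CHECK   0x1
#define PAM_UPDATE_AUTHTOK 0x2

/* Hypothetical stand-in for the per-transaction state a real module
   would keep on the PAM handle (e.g. with pam_set_data()). */
struct demo_handle {
    char stored_pw[64];  /* current authtoken on record */
    int  prelim_ok;      /* set only by a successful prelim check */
};

/* strcmp stands in for the real password-hash verification. */
static int verify_old(const struct demo_handle *h, const char *old_pw) {
    return old_pw != NULL && strcmp(h->stored_pw, old_pw) == 0;
}

int demo_chauthtok(struct demo_handle *h, int flags,
                   const char *old_pw, const char *new_pw) {
    if (flags & PAM_PRELIM_CHECK) {
        h->prelim_ok = verify_old(h, old_pw);
        return h->prelim_ok ? PAM_SUCCESS : PAM_AUTH_ERR;
    }
    if (!(flags & PAM_UPDATE_AUTHTOK))
        return PAM_SERVICE_ERR;
    /* Update phase: trust the prelim result if there is one, otherwise
       re-check the old password instead of assuming the caller did. */
    if (!h->prelim_ok && !verify_old(h, old_pw))
        return PAM_AUTH_ERR;
    h->prelim_ok = 0;    /* one prelim check authorises one update */
    if (new_pw == NULL || strlen(new_pw) >= sizeof h->stored_pw)
        return PAM_AUTHTOK_ERR;
    strcpy(h->stored_pw, new_pw);
    return PAM_SUCCESS;
}

int main(void) {
    struct demo_handle h = { "old-secret", 0 };
    /* Update without prelim and without the old password is refused. */
    printf("update only: %d\n", demo_chauthtok(&h, PAM_UPDATE_AUTHTOK, NULL, "n3w"));
    demo_chauthtok(&h, PAM_PRELIM_CHECK, "old-secret", NULL);
    printf("prelim+update: %d\n", demo_chauthtok(&h, PAM_UPDATE_AUTHTOK, NULL, "n3w"));
    return 0;
}
```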