Hi,

If you use shadow passwords and your password expires, login will ask you to change the password to a new one. This is no problem if the password is stored locally in /etc/shadow and the old password is not necessary. But if the password and the shadow information are stored in a remote service, where you need the old password to change it, you have lost.

Is there really no way to get the AUTHTOK used in pam_sm_authenticate() from pam_sm_chauthtok()? Do I really have to ask the user a second time for his password?

Thorsten

--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de
SuSE Linux AG Deutschherrenstr. 15-19 D-90429 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B