On Mon, Apr 15, 2002 at 02:09:45PM +0200, Thorsten Kukuk wrote:

> If you use shadow passwords and your password expires, login will ask
> you to change the password to a new one. This is no problem, if the
> password is stored local in /etc/shadow and the old password is
> not necessary.
> But if the password and the shadow information is stored in a remote
> service, where you need the old password to change it, you have lost.
> Is there really no way to get the AUTHTOK used in
> pam_sm_authenticate() from pam_sm_chauthtok()? Do I really have to
> ask the user a second time for his password?

I don't see any general solution to the question of having to prompt for the password a second time when changing the password. And indeed, I don't think this is /all/ bad; I can't think of anything pre-PAM that did any better, and PAM's support for stackable password changes is a definite improvement.

Steve Langasek
postmodern programmer