On Mon, Apr 15, Steve Langasek wrote:

> On Mon, Apr 15, 2002 at 02:09:45PM +0200, Thorsten Kukuk wrote:
>
> > If you use shadow passwords and your password expires, login will ask
> > you to change the password to a new one. This is no problem, if the
> > password is stored locally in /etc/shadow and the old password is
> > not necessary.
> >
> > But if the password and the shadow information are stored in a remote
> > service, where you need the old password to change it, you have lost.
> >
> > Is there really no way to get the AUTHTOK used in
> > pam_sm_authenticate() from pam_sm_chauthtok()? Do I really have to
> > ask the user a second time for his password?
>
> I don't see any general solution to the question of having to prompt for
> the password a second time when changing the password. And indeed, I
> don't think this is /all/ bad; I can't think of anything pre-PAM that
> did any better, and PAM's support for stackable password changes is a
> definite improvement.

Hm, a normal, shadow-capable login program can do it, because it can
save the first password and reuse it later.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Deutschherrenstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B