I believe that this is done because, when the root user changes a password for a user, you don't want root to be prompted for the old password.
That does allow the root user to break some policy rules for passwdqc (i.e., can use an old password or a similar password which is supposed to be invalid). Is this the desired functionality when passwd is called as root? Is there any way to have the OLDAUTHTOK stored when the root user is running the application? I am using 0.78-r3 on Gentoo. Upgrading is unfortunately not an option at this point.
I looked into ways to hack this, but haven't come up with a clear way as of yet. I also searched through the archive for similar posts, but unfortunately haven't found anything similar as of yet.
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list