[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: password-changing HOWTO?

Elliot Lee:
> > ... have the passwd program modify the password files directly,
> > bypassing PAM?
> No - that breaks the whole idea of PAM.

No - not the whole idea :).  This code would be used only if
root is changing the user's password.  For the simple cases
(user runs passwd, expiration) everything is still 100% PAM.

> The same password changing program should work for all authentication
> methods. This abstraction is the whole point of PAM.

Yes - for normal users who can only run passwd without any
arguments.  Perhaps the confusion results from the fact that
it's all done by the same passwd program - for compatibility
with previous versions of passwd.  Technically these could
be two completely unrelated programs: one for users, which
does PAM and nothing else; and another one for root, which
can do everything but only with the local password database.

> Perhaps we need to add some sort of getconfigfileent() to -lpam_misc?

Yes.  Like getdef_num() or getdef_str() which are used by
programs in the shadow suite.  We could even try to use the
same config file...


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []