[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: password-changing HOWTO?



On Thu, 1 Aug 1996, Cristian Gafton wrote:

> > Understood... However, the shadow suite passwd can afford to pass in a
> > flag that says "running as root, don't authenticate", since the shadow
> > suite is specific to shadow passwords. We can't do that without breaking
> > the API - which isn't going to happen :) 
> 
> I don't get it. Why the passwd program can skip pam authentification if 
> running as root (err, uid 0 account) ?

Because the passwd program doesn't do authentication...  Charlie Lai from
Sun made a good point when he noted that since the password module stack
may differ from the authentication stack, you can't have the application
do authentication. Each password module has to validate the user that it
gets passed in - and there is no flag that says "don't authenticate this
user" that is standardized in the API.

Anyone have any ideas here? (Perhaps we could resort to having a separate
program altogether for the superuser to set people's passwords? Or perhaps
the good old 'vi' command should be brought into play :)

\\\| Elliot Lee                 |\\\    ||  "Claim to fame":
 \\\| Red Hat Software           |\\\   ||  What else?
  \\\| <sopwith@redhat.com>       |\\\  ||  http://www.redhat.com/
   \\\| Webmaster, Programmer, etc |\\\ ||




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []