use_first_pass and use_authtok . . .

I've written a PAM passwd module to update users' passwords on a
remote SMB server (in my case a samba server) using code from samba
and various PAM modules.  The module works (it updates users'
passwords) and is stackable (though I've not finished testing it yet).

My question is regarding the use_first_pass and use_authtok options --
I didn't implement the use_authtok option (only use_first_pass and
debug).  The PAM docs say that "use_first_pass is used to lock the
choice of old and new passwords to that dictated by the previously
stacked password module," and that "use_authtok is used to force the
module to set the new password to the one provided by the previously
stacked password module."  So, use_authtok is designed to have my
module use the new password but request the old one directly from the

Notably, use_authtok doesn't seem to be documented in the Red Hat PAM
system administrator's guide, except in modules that use it, though
use_first_pass is.  Further, this option seems to be missing completely
from the Solaris 2.6 documentation (though use_first_pass is there).

Are stackable passwd modules expected to implement both these options?
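
The two option definitions quoted above from the PAM docs, written out as the decision a stacked password module makes about where each token comes from. This is an added example, not code from the module described in this message or from any PAM distribution. The names parse_opts, old_source and new_source are hypothetical, libpam is not linked (the PAM_OLDAUTHTOK and PAM_AUTHTOK items are stood in for by plain strings), and failing when a locked token is missing is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Where the module obtains a password during a change. */
enum source { FROM_PROMPT, FROM_STACK, FAIL_NO_TOKEN };

struct opts { int use_first_pass, use_authtok, debug; };

/* Parse the option words from the module's line in the PAM config.
 * Unrecognised words are ignored here (a real module would log them). */
static struct opts parse_opts(int argc, const char **argv)
{
    struct opts o = {0, 0, 0};
    for (int i = 0; i < argc; i++) {
        if (strcmp(argv[i], "use_first_pass") == 0) o.use_first_pass = 1;
        else if (strcmp(argv[i], "use_authtok") == 0) o.use_authtok = 1;
        else if (strcmp(argv[i], "debug") == 0) o.debug = 1;
    }
    return o;
}

/* Old password: only use_first_pass locks it to the value an earlier
 * module stored (the PAM_OLDAUTHTOK item); stacked == NULL means unset. */
static enum source old_source(struct opts o, const char *stacked)
{
    if (!o.use_first_pass) return FROM_PROMPT;
    return stacked ? FROM_STACK : FAIL_NO_TOKEN;
}

/* New password: either option locks it to the stacked value (the
 * PAM_AUTHTOK item). Assumption: a locked module with nothing stacked
 * fails instead of prompting, so a new password can never bypass an
 * earlier module in the stack (for example a strength checker). */
static enum source new_source(struct opts o, const char *stacked)
{
    if (!o.use_first_pass && !o.use_authtok) return FROM_PROMPT;
    return stacked ? FROM_STACK : FAIL_NO_TOKEN;
}

int main(void)
{
    const char *argv[] = { "use_authtok", "debug" };  /* constructed sample */
    struct opts o = parse_opts(2, argv);
    printf("old=%d new=%d\n", old_source(o, NULL), new_source(o, "N3w-pass"));
    return 0;
}
```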



