[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Old Authtok when changing passwords

On Mon, Apr 15, 2002 at 02:09:45PM +0200, Thorsten Kukuk wrote:

> If you use shadow passwords and your password expires, login will ask
> you to change the password to a new one. This is no problem, if the
> password is stored local in /etc/shadow and the old password is
> not necessary.

> But if the password and the shadow information is stored in a remote
> service, where you need the old password to change it, you have lost.

> Is there really no way to get the AUTHTOK used in 
> pam_sm_authenticate() from pam_sm_chauthtok()? Do I really have to
> ask the user a second time for his password?

I don't see any general solution to the question of having to prompt for 
the password a second time when changing the password.  And indeed, I 
don't think this is /all/ bad; I can't think of anything pre-PAM that 
did any better, and PAM's support for stackable password changes is a 
definite improvement.

Steve Langasek
postmodern programmer

Attachment: pgp00001.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []