
Re: Old Authtok when changing passwords

On Mon, Apr 15, Steve Langasek wrote:

> On Mon, Apr 15, 2002 at 02:09:45PM +0200, Thorsten Kukuk wrote:
> > If you use shadow passwords and your password expires, login will ask
> > you to change the password to a new one. This is no problem if the
> > password is stored locally in /etc/shadow and the old password is
> > not necessary.
> > But if the password and the shadow information are stored in a remote
> > service, where you need the old password to change it, you have lost.
> > Is there really no way to get the AUTHTOK used in 
> > pam_sm_authenticate() from pam_sm_chauthtok()? Do I really have to
> > ask the user a second time for his password?
>
> I don't see any general solution to the question of having to prompt for
> the password a second time when changing the password.  And indeed, I 
> don't think this is /all/ bad; I can't think of anything pre-PAM that 
> did any better, and PAM's support for stackable password changes is a 
> definite improvement.

Hm, a normal, shadow capable login program can do it, because it can
save the first password and reuse it later.


Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Deutschherrenstr. 15-19       D-90429 Nuernberg
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B
