PAM_OLDAUTHTOK

Scott Gentry sgentry6 at gmail.com
Thu Apr 27 19:03:27 UTC 2006


While fooling around with cracklib and passwdqc I noticed that when
pam_get_item is called to get PAM_OLDAUTHTOK, NULL is returned when I
run the passwd program as root.

I believe that this is done because when the root user changes a password for
a user, you don't want root to be prompted for the old password.

That does allow the root user to break some policy rules for passwdqc (i.e.,
can use an old password or a similar password which is supposed to be
invalid).  Is this the desired functionality when passwd is called as root?
Is there any way to have the OLDAUTHTOK stored when the root user is running
the application?  I am using 0.78-r3 on Gentoo.  Upgrading is unfortunately
not an option at this point.

I looked into ways to hack this, but haven't come up with a clear way as of
yet.  I also searched through the archive for similar posts, but
unfortunately haven't found anything similar as of yet.
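
A simplified model of the behaviour described in the post above, added here as an example and not taken from the post, Linux-PAM, or passwdqc: a quality check that compares the new password with the old one has nothing to compare when the old token is NULL. The function names, result flags, and the 4-character similarity threshold are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Result bits for this illustrative model (hypothetical names). */
enum { PW_OK = 0, PW_SAME_AS_OLD = 1, PW_SIMILAR = 2, PW_OLD_UNCHECKED = 4 };
#define MIN_COMMON 4 /* constructed threshold, not passwdqc's */

/* Case-insensitive: do a and b share a run of at least n characters? */
static int shares_run(const char *a, const char *b, size_t n)
{
    size_t la = strlen(a), lb = strlen(b);
    if (la < n || lb < n) return 0;
    for (size_t i = 0; i + n <= la; i++)
        for (size_t j = 0; j + n <= lb; j++) {
            size_t k = 0;
            while (k < n && tolower((unsigned char)a[i + k]) ==
                            tolower((unsigned char)b[j + k]))
                k++;
            if (k == n) return 1;
        }
    return 0;
}

/* old_tok stands in for the value pam_get_item() gave for PAM_OLDAUTHTOK. */
int check_against_old(const char *old_tok, const char *new_tok)
{
    if (old_tok == NULL)
        return PW_OLD_UNCHECKED; /* the root case: nothing to compare */
    int r = PW_OK;
    size_t lo = strlen(old_tok);
    if (lo == strlen(new_tok) && shares_run(old_tok, new_tok, lo))
        r |= PW_SAME_AS_OLD;     /* identical apart from letter case */
    if (shares_run(old_tok, new_tok, MIN_COMMON))
        r |= PW_SIMILAR;         /* long shared substring */
    return r;
}

int main(void)
{
    /* Constructed sample passwords: same new password, with and without old. */
    printf("%d %d\n", check_against_old("Summer2005!", "Summer2006!"),
           check_against_old(NULL, "Summer2006!"));
    return 0;
}
```

Returning a distinct flag for the NULL case, rather than plain success, lets the caller log that the old-password comparisons did not run.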