Re: pam password changing
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: pam password changing
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nsspamldapd12 [at] iotti.biz, nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: pam password changing
- Date: Sun, 10 Mar 2019 16:35:11 +0100
Sorry for taking so long to respond.
On Mon, 2019-01-14 at 12:23 +0100, nsspamldapd12@iotti.biz wrote:
> Looking at the code, in auth module pam_sm_authenticate() saves the
> password in the context, ctx->oldpassword = strdup(passwd). In the
> comment I read that the old password is saved exactly for use in case
> we have to change it.
> But then in password module, in pam_sm_chauthtok() I find that
> ctx->oldpassword is NULL. Is this by design, i.e. the context is not
> kept between the various modules? Better, is there a way not to have
> to type the old password twice, one time and immediately another
> time?
This could be related to how SSHD and PAM co-operate in this situation
but I'm not 100% sure. It could be that the authentication and password
changing are done in different PAM contexts. Also, changing a password
in PAM is a bit iffy, because some implementations seem to do explicit
authentication first and others rely on the authentication mechanism
that that is part of the change itself (the preliminary check).
--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/