lists.arthurdejong.org

Re: pam password changing



Sorry for taking so long to respond.

On Mon, 2019-01-14 at 12:23 +0100, nsspamldapd12@iotti.biz wrote:
> Looking at the code, in auth module pam_sm_authenticate() saves the
> password in the context, ctx->oldpassword = strdup(passwd). In the
> comment I read that the old password is saved exactly for use in case
> we have to change it.
> But then in password module, in pam_sm_chauthtok() I find that
> ctx->oldpassword is NULL. Is this by design, i.e. the context is not
> kept between the various modules? Better, is there a way not to have
> to type the old password twice, one time and immediately another
> time?

This could be related to how SSHD and PAM co-operate in this situation
but I'm not 100% sure. It could be that the authentication and password
changing are done in different PAM contexts. Also, changing a password
in PAM is a bit iffy, because some implementations seem to do explicit
authentication first and others rely on the authentication mechanism
that is part of the change itself (the preliminary check).

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/