[Pkg-shadow-devel] improvement of chfn/chsh manpages
Tomasz Kłoczko
kloczek at zie.pg.gda.pl
Mon Oct 3 18:04:44 UTC 2005
On Sun, 2 Oct 2005, Alexander Gattin wrote:
> Hi, Tomasz!
>
> I have fixed a typo in chsh.1.xml
> and added chsh(1) to SEE ALSO section of chfn.1.xml
> (diff attached).
Commited.
Thank You.
> Also I have a question -- how do you have chfn/chsh
> operating in PLD for ordinary users -- do they ask for
> users' password or not?
Yes, ask user for password.
/etc/pam.d/{chfn,chsh,chpasswd} from my system (where I'm using NIS):
# cat chsh chfn chpasswd
#%PAM-1.0
auth required pam_listfile.so item=user sense=allow file=/etc/security/chsh.allow onerr=fail
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so md5 shadow use_authtok
password required pam_make.so /var/db
password required pam_make.so /var/yp
session required pam_unix.so
#%PAM-1.0
auth required pam_listfile.so item=user sense=allow file=/etc/security/chfn.allow onerr=fail
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so md5 shadow use_authtok
password required pam_make.so /var/db
password required pam_make.so /var/yp
session required pam_unix.so
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_permit.so
password required pam_make.so /var/db
password required pam_make.so /var/yp
It works as expected on PAM 0.77. I'm just check shadow 4.0.13 on Fedora
where is pam 0.80 and (strange) it work as you report.
> In Debian, chsh and chfn of 4.0.3 used to _ask_
> ordinary users for password:
> > ramazan at cherokee:~/shadow/svn/pkg-shadow/trunk$ chsh -s /bin/zsh
> > Password:
> with new code they won't.
>
> We should decide whether to keep old behavior for
> Debian's passwd by patching or maybe perform
> pam-ification on chfn/chsh?
PAMify this programs allow use this tools not only on "files" NSS type
database without touching shadow code. So it must work as expected.
Qustion is: why on freshen PAM it does not work as is expected (?) :>
kloczek
--
-----------------------------------------------------------
*Ludzie nie mają problemów, tylko sobie sami je stwarzają*
-----------------------------------------------------------
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek at rudy.mif.pg.gda.pl*
More information about the Pkg-shadow-devel
mailing list