[Pkg-shadow-devel] improvement of chfn/chsh manpages
Alexander Gattin
xrgtn at yandex.ru
Mon Oct 3 21:14:05 UTC 2005
Hi!
> > Also I have a question -- how do you have chfn/chsh
> > operating in PLD for ordinary users -- do they ask for
> > users' password or not?
>
> Yes, ask user for password.
>
> /etc/pam.d/{chfn,chsh,chpasswd} from my system (where I'm using NIS):
...
> It works as expected on PAM 0.77. I'm just check shadow 4.0.13 on Fedora
> where is pam 0.80 and (strange) it work as you report.
...
> Qustion is: why on freshen PAM it does not work as is expected (?) :>
>From what I see in code, neither chsh nor chfn are
really pam-ified. I.e. they include one pam header and
then there's no calls to pam_start(),
pam_authenticate() and so on. Maybe someone has started
pam-ification of these utils and just left them in
current state.
The difference between PLD (ask) and RH (do not ask for
password) is probably because one shadow was compiled
--with-libpam while another --without-libpam or with
"#undef USE_PAM" inside chsh.c/chfn.c
I don't see any other place in chsh.c/chfn.c where a
user can be prompted for password, except the
passwd_check() code inside #ifndef USE_PAM/#endif
P.S. But I don't know what the code for SELINUX does
and not sure about USE_NIS code too.
--
WBR,
xrgtn
More information about the Pkg-shadow-devel
mailing list