[Pkg-shadow-devel] Bug#396726: chpasswd does not update opasswd
Nicolas François
nicolas.francois at centraliens.net
Fri Nov 3 22:50:12 CET 2006
tags 396726 wontfix
thanks
Hello,
On Thu, Nov 02, 2006 at 09:38:22AM -0500, Brian Ristuccia wrote:
>
> When changing a password with chpasswd, the previous password hash is not
> stored in /etc/security/opasswd. As a result, nothing prevents the user from
> changing their password back to a previous (potentially compromised) value.
chpasswd is currently not compiled with PAM support on Debian.
As PAM is responsible for updating /etc/security/opasswd, I prefer to keep
this bug open, but tagging it wontfix, until we decide whether we can
compile this utility with PAM support.
Kind Regards,
--
Nekral
More information about the Pkg-shadow-devel
mailing list