[Pkg-shadow-devel] --keep-tokens "not working as expected"
serge.hallyn at ubuntu.com
Tue Sep 2 14:34:32 UTC 2014
Quoting lev abalkin (lev.abalkin at insiberia.net):
> Hello there!
> Have the following problem(s) with the `--keep-tokens` option of
> `passwd` I found some hints that other people seem to have to:
> # trying to set a new password with or without the `--keep-tokens`
> option isn't possible - as expected
> # I've tried this both as root and as user to whom the account |
> password belongs: As expected, `root` changes the password no matter what
Hm, the behavior I see is that as root is that 'passwd -k someuser'
simply asks for their current password, whereas without -k it
doesn't ask for the current password.
So this certainly seems like a bug. Yet looking at the code
(passwd.c:check_password), it does the right thing.
Ah, here we go. The check_password() function is only compiled if
#USE_PAM. So this behavior is now driven by pam. I don't know
the relationship here well enough to know whether 'password expiry'
info has to come from pam if #USE_PAM. If not, then shadow could
fix this by always checking expiry if -k is passed, and exiting
early if not expired.
> I wonder what the actual use of the `--keep-tokens` option might be. I
> read the info page both in English and my mothertounge as "don't change
> passwords if not expired", which it should anyway, I guess. This two
> posts describe the same problem:
> Thanks for the good work on `passwd`and thanks in advance for all your
> All the best
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel at lists.alioth.debian.org
More information about the Pkg-shadow-devel