Date: Fri, 05 Dec 2003 01:00:29 +0100 From: des@des.no (Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?=) To: Jacques Vidrine <nectar@freebsd.org> Cc: freebsd-current@freebsd.org Subject: Re: NSS and PAM Message-ID: <xzpllps3zhe.fsf@dwp.des.no> In-Reply-To: <3FCF55DF.7040402@freebsd.org> (Jacques Vidrine's message of "Thu, 04 Dec 2003 09:42:23 -0600") References: <20031129011334.GC88553@madman.celabo.org> <xzpbrqw7xsb.fsf@dwp.des.no> <20031201142737.GC99428@madman.celabo.org> <xzp7k1geb6x.fsf@dwp.des.no> <20031201175925.GC244@madman.celabo.org> <xzpvfp0ch1z.fsf@dwp.des.no> <3FCF55DF.7040402@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jacques Vidrine <nectar@freebsd.org> writes: > Applications that use PAM to change the password when the password > expires seem to work out OK. This works because each backend knows whether or not the password needs changing (there is a flag to tell the module to only ask for a new password if the current password has expired). When you are purposedly changing your password before it expires, things are a little less clear. Things might be easier if NSS had a proper API which included entry points for storing and updating user information (and not just for retrieving). Then pam_unix wouldn't need to know anything about /etc/spwd.db or NIS; it would just retrieve the information from NSS, note that the password had expired, ask the user for a new password and tell NSS to store it. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpllps3zhe.fsf>