Comment 2 for bug 302026

Steve Langasek (vorlon) wrote :

The reason for reusing the passwords between modules is to ensure the user is only prompted for a new password once.

There is no "try_authtok" equivalent to "try_first_pass", and special-casing pam_lwidentity in pam-auth-update would not be a good idea. I think pam_lwidentity needs to prompt for and store the new password, even if it won't use it itself, otherwise there's no way for us to have a completely pluggable stack.

Also, if the return code here is "password updated successfully", then I think that implies pam_lwidentity.so is incorrectly returning PAM_SUCCESS for users it doesn't know about. It shouldn't do this - it should return a sensible return value that lets the administrator construct a useful stack, instead of presuming that PAM_SUCCESS is wanted.

BTW, installing pam_cracklib may (or may not) work around this.
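An added illustration of the return-code point above (not part of the original comment, and not code from PAM or pam_lwidentity): a simplified model of a jump-style password stack of the kind pam-auth-update generates, showing how a module that returns PAM_SUCCESS for users it does not know causes pam_unix to be skipped while the stack still reports success. The stack layout, the module order, the user names and the `directory_*` stand-in functions are all constructed assumptions.

```python
# Simplified model of libpam control flags: [success=N default=ignore],
# requisite and required. Everything below is constructed for illustration.
PAM_SUCCESS, PAM_AUTH_ERR, PAM_USER_UNKNOWN = (
    "PAM_SUCCESS", "PAM_AUTH_ERR", "PAM_USER_UNKNOWN")

LOCAL_USERS = {"alice"}   # constructed: accounts pam_unix can update
DOMAIN_USERS = {"bob"}    # constructed: accounts the directory module knows

def pam_unix(user):
    return PAM_SUCCESS if user in LOCAL_USERS else PAM_USER_UNKNOWN

def directory_buggy(user):   # hypothetical: claims success for everyone
    return PAM_SUCCESS

def directory_fixed(user):   # hypothetical: honest about unknown users
    return PAM_SUCCESS if user in DOMAIN_USERS else PAM_USER_UNKNOWN

def pam_deny(user):
    return PAM_AUTH_ERR

def pam_permit(user):
    return PAM_SUCCESS

def build_stack(directory_module):
    return [
        ("directory", {"success": 2}, directory_module),
        ("pam_unix", {"success": 1}, pam_unix),
        ("pam_deny", "requisite", pam_deny),
        ("pam_permit", "required", pam_permit),
    ]

def run_stack(stack, user):
    """Return (final_code, modules_called) for one pass over the stack."""
    result, called, i = None, [], 0
    while i < len(stack):
        name, control, module = stack[i]
        code = module(user)
        called.append(name)
        i += 1
        if control in ("required", "requisite"):
            if code != PAM_SUCCESS:
                if control == "requisite":
                    return code, called      # requisite failure ends the stack
                if result in (None, PAM_SUCCESS):
                    result = code            # remember the first failure
            elif result is None:
                result = code
        elif code == PAM_SUCCESS:
            i += control["success"]          # jump; adds nothing to the result
        # any other code falls under default=ignore
    return result, called
```

With `directory_buggy`, a local-only user gets PAM_SUCCESS although pam_unix was never called; with `directory_fixed`, the same user falls through to pam_unix, and a user unknown to both modules ends at pam_deny.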