Re: About-me-password backend



I agree, if we are going to support PAM, this is something we have to look at. Note that I'm currently just working on bug #321567, which is about usability issues in the dialog, so I'm just using what's already there. I would be happy to improve more than the usability though!

I thought using /usr/bin/passwd as the backend was chosen because one didn't want to leave out systems which weren't PAM-enabled. But then again, gdm (and probably other modules) relies on PAM (I think?) for authentication. I have some old code (an old password-changer actually) which communicates directly with PAM. It relies on a backend to update the authentication token, which has to be run as root.

I would love if someone experienced with PAM could help me with this :)

Best regards,

Johannes H. Jensen
deworks


On 11. apr. 2006, at 14:56:55, Matthias Clasen wrote:

On 4/10/06, Johannes H. Jensen <joh deworks net> wrote:
Dear almighty GNOME hackers, I'm in need of some pointers!

I'm currently hacking on the about-me password dialog (see #321567),
which is spawning /usr/bin/passwd to authenticate and change the
password. In the new dialog, I'm dividing the process in two, so that
the user has to authenticate with his current password first (which
spawns passwd to verify). If passwd doesn't complain and prompts for
the new password, he can enter his new password, retype it and hit
"Change password". When he hits the button, some time has elapsed
since he first authenticated (and thus passwd was spawned).


Note that any solution which only asks for old and new password is not
fexible enough. pam allows very different setups, and the change password
feature in the capplet should support them. What we do in fedora is
to just spawn /usr/bin/userpasswd, which is designed to handle all this.

Matthias





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]