Re: About-me-password backend

["Johannes H. Jensen" <joh deworks net>]

I agree, if we are going to support PAM, this is something we have to  
look at. Note that I'm currently just working on bug #321567, which  
is about usability issues in the dialog, so I'm just using what's  
already there. I would be happy to improve more than the usability  
though!

I thought using /usr/bin/passwd as the backend was chosen because one  
didn't want to leave out systems which weren't PAM-enabled. But then  
again, gdm (and probably other modules) relies on PAM (I think?) for  
authentication. I have some old code (an old password-changer  
actually) which communicates directly with PAM. It relies on a  
backend to update the authentication token, which has to be run as root.

I would love if someone experienced with PAM could help me with this :)

Best regards,

Johannes H. Jensen
deworks


On 11. apr. 2006, at 14:56:55, Matthias Clasen wrote:

> On 4/10/06, Johannes H. Jensen <joh deworks net> wrote:
> > Dear almighty GNOME hackers, I'm in need of some pointers!
> >
> > I'm currently hacking on the about-me password dialog (see #321567),
> > which is spawning /usr/bin/passwd to authenticate and change the
> > password. In the new dialog, I'm dividing the process in two, so that
> > the user has to authenticate with his current password first (which
> > spawns passwd to verify). If passwd doesn't complain and prompts for
> > the new password, he can enter his new password, retype it and hit
> > "Change password". When he hits the button, some time has elapsed
> > since he first authenticated (and thus passwd was spawned).
>
> Note that any solution which only asks for old and new password is not
> fexible enough. pam allows very different setups, and the change  
> password
> feature in the capplet should support them. What we do in fedora is
> to just spawn /usr/bin/userpasswd, which is designed to handle all  
> this.
>
> Matthias