On Mon, Nov 06, 2006 at 12:09:59PM -0500, Brian Ristuccia wrote: > On Mon, Nov 06, 2006 at 05:07:31PM +0100, Nicolas François wrote: > > > > I recommend you to set users' password by root to a simple password that > > can be communicated to the user, but also tag the password as expired, so > > that the user have to choose a new password the next time he login (and > > then the new password will be enterred to /etc/security/opasswd; also the > > administrator do not have to know the users' passwords). > > > > In that case, only the temporary password is written into opasswd. The > user's previous password (before it was changed by root to the temporary > one) is not stored in opasswd and nothing prevents the user from changing > their password back to that value.
Yes, you are right. I did not understand the issue of #396918. (This does not change the status for chpasswd, but I will try to have a look at the pam_unix module) Kind Regards, -- Nekral