On Sun, 27 Jan 2002 15:03:46 -0500 Joel Hammer <[EMAIL PROTECTED]> spewed into the bitstream:
> Hmmm... > Hmmm...... > Yes. Now that you mention it. > I wonder why I didn't think of that myself? Umm. Depends on the distro, but this is configurable. You can force users to put in their old password before they can change it, or not. See /etc/pam.d/passwd (and the pam_passwd.so module README). Note that there is a facility for storing old passwords in MD5 hash in /etc/security/opasswd so that you can't simply alternate between two old passwords. > Thanks, > Joel > > On Sun, Jan 27, 2002 at 02:24:02PM -0500, Bruce Marshall wrote: > > On Sunday 27 January 2002 12:20 pm, Joel Hammer wrote: > > > I thought that for security reasons, the actual password is never > > > stored on the computer, just the encrypted form. If so, how can the > > > computer know that I have tried to "cheat" and when asked to alter > > > my password, I just changed the case of one letter. > > > > Did it not ask for your old password in order to change the new one? > > (as a normal user you should have been asked.) > > > _______________________________________________ > Linux-users mailing list - http://linux.nf/mailman/listinfo/linux-users > Subscribe/Unsubscribe info, Archives,and Digests are located at the > above URL. -- Focus on the dream, not the competition. -- Nemesis Racing Team motto Internet (H323) phone: 206.28.187.30 _______________________________________________ Linux-users mailing list - http://linux.nf/mailman/listinfo/linux-users Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.
