The reason for reusing the passwords between modules is to ensure the user is only prompted for a new password once.
There is no "try_authtok" equivalent to "try_first_pass", and special- casing pam_lwidentity in pam-auth-update would not be a good idea. I think pam_lwidentity needs to prompt for and store the new password, even if it won't use it itself, otherwise there's no way for us to have a completely pluggable stack. Also, if the return code here is "password updated successfully", then I think that implies pam_lwidentity.so is incorrectly returning PAM_SUCCESS for users it doesn't know about. It shouldn't do this - it should return a sensible return value that lets the administrator construct a useful stack, instead of presuming that PAM_SUCCESS is wanted. BTW, installing pam_cracklib may (or may not) work around this. -- likewise-open prevents local passwords from being changed https://bugs.launchpad.net/bugs/302026 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs