Paul Lussier wrote:
> In a message dated: Thu, 22 Jun 2000 15:44:21 EDT
> Bob Bell said:
>
> >> Does it ask you for the old NIS passwd if you:
> >
> > Yes, in fact it still does.
> [..snip..]
> > Tru64 has a man page for yppasswd in section 3, which says in part.
> >
> >yppasswd(oldpass, newpw)
> > char *oldpass;
> > struct passwd *newpw;
> >
> >If oldpass is indeed the old user password, this routine replaces the
> >password entry with newpw.
At least in Linux, if you are root, and you don't know the other user's password,
then you can go to /etc/shadow (/etc/passwd on other unix systems). Once there,
you completely remove the encrypted password. Then, you can log in regularly as
that user, specifying no password (since it was just removed from /etc/passwd).
The password authentication passes because no password is exactly what is in the
/etc/passwd file. Then you can change their password with no problem.
So, passwd doesn't protect the password from being changed if you are root, even
though it asks for the previous password. It probably is the same in Tru64 and
yppasswd unless it does things totally differently than other UNIX environments.
--
Warren Mansur
email: [EMAIL PROTECTED]
phone: 603-884-5435
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
