>>>>> "Philip" == Philip S Tellis <Philip> writes:
Philip> On Thu, 28 Mar 2002, Raju Mathur wrote:
>> to use the passwd utility. Another possibility is to replace
>> passwd with a wrapper which checks the user ID before calling
>> the original program, but that's more of a hack and smells
>> strongly of security by obscurity (as does the idea of putting
>> passwd in /sbin).
>>
>> The ideal way to do it, of course, would be to add a PAM
>> module.
Philip> PAM is the best way, since it's what's used anyway. It
Philip> would also be the simplest way, because all that would be
Philip> required is to add something to /etc/pam.d/passwd - and to
Philip> write the relevant module obviously.
Best (not simplest!) and also most painful. If you're ever written a
PAM module you'd know what a PITA PAM programming is: I wrote one once
to allow users with Netscape SHA1 passwords to authenticate, and swore
never to touch PAM again.
Philip> [snip]
Regards,
-- Raju
--
Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/
It is the mind that moves
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help
