> There really should be a function that takes a user name or ID and a clearte$

Maybe. But then you have a lot more failure modes and a lot more possible attack surface. It would also mean that you can't check or change passwords in single-user mode without starting the magic daemon; that would be a substantial regression as far as user experience goes, if nothing else. And what about checking the root password for single-user boot with insecure console?

It _is_, however, very much in keeping with the "encapsulate single-purpose code into a single place" attitude that has brought a lot of benefits. I wonder if there isn't some better way I'm missing.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML               mo...@rodents-montreal.org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B