From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 95) Description of problem: The 'passwd' breaks abstraction of PAM by communicating directly with the one (pwdb: /etc/{passwd,shadow}) of many possible authentification subsystems. This communication bypasses PAM and fails if underlying subsystem is other than pwdb. The right way to correct this design error is having two different 'passwd' utilities: 1) Not PAM-aware, pwdb-only utility which keeps all functionality of the present 'passwd' 2) PAM-only aware utility with high abstractiveness, good for any underlying authentification subsystem, but loosing some functionality of the present 'passwd'. Version-Release number of selected component (if applicable): How reproducible: (not applicable) Steps to Reproduce: (not applicable) Actual Results: (not applicable) Expected Results: (not applicable)
I will reconsider this in future.
Passwd now uses PAM for changing passwords and libuser for operations which cannot be accomplished through PAM.
(In reply to comment #2) > Passwd now uses PAM for changing passwords and libuser for operations which > cannot be accomplished through PAM. That's still not a good design. There are drawbacks: If an underlying authentification subsystem is not a pwdb (/etc/{passwd,shadow} ), then 1) I can not remove excessive libuser package, because "passwd" is linked against it. 2) Anyway, I have to acquire authentification subsystem-specific utility for "operations which cannot be accomplished through PAM". You could consider to revise PAM design to make it's interfaces more versatile, to make the single utility "passwd" encompassing any auth.subsystems.