From owner-freebsd-current@FreeBSD.ORG  Thu Dec  4 16:00:47 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 35F4216A4CF; Thu,  4 Dec 2003 16:00:47 -0800 (PST)
Received: from smtp.des.no (flood.des.no [217.116.83.31])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id C310F43FB1; Thu,  4 Dec 2003 16:00:40 -0800 (PST)
	(envelope-from des@des.no)
Received: by smtp.des.no (Pony Express, from userid 666)
	id DA0F2530C; Fri,  5 Dec 2003 01:00:39 +0100 (CET)
Received: from dwp.des.no (des.no [80.203.228.37])
	by smtp.des.no (Pony Express) with ESMTP
	id 6FF0C5308; Fri,  5 Dec 2003 01:00:30 +0100 (CET)
Received: by dwp.des.no (Postfix, from userid 2602)
	id A6DDC33C6A; Fri,  5 Dec 2003 01:00:29 +0100 (CET)
To: Jacques Vidrine <nectar@freebsd.org>
References: <20031129011334.GC88553@madman.celabo.org>
	<xzpbrqw7xsb.fsf@dwp.des.no>
	<20031201142737.GC99428@madman.celabo.org>
	<xzp7k1geb6x.fsf@dwp.des.no> <20031201175925.GC244@madman.celabo.org>
	<xzpvfp0ch1z.fsf@dwp.des.no> <3FCF55DF.7040402@freebsd.org>
From: des@des.no (Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?=)
Date: Fri, 05 Dec 2003 01:00:29 +0100
In-Reply-To: <3FCF55DF.7040402@freebsd.org> (Jacques Vidrine's message of
 "Thu, 04 Dec 2003 09:42:23 -0600")
Message-ID: <xzpllps3zhe.fsf@dwp.des.no>
User-Agent: Gnus/5.090024 (Oort Gnus v0.24) Emacs/21.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
	flood.des.no
X-Spam-Level: 
X-Spam-Status: No, hits=0.1 required=5.0 tests=RCVD_IN_SORBS autolearn=no 
	version=2.60
cc: freebsd-current@freebsd.org
Subject: Re: NSS and PAM
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Dec 2003 00:00:47 -0000

Jacques Vidrine <nectar@freebsd.org> writes:
> Applications that use PAM to change the password when the password
> expires seem to work out OK.

This works because each backend knows whether or not the password
needs changing (there is a flag to tell the module to only ask for a
new password if the current password has expired).  When you are
purposedly changing your password before it expires, things are a
little less clear.

Things might be easier if NSS had a proper API which included entry
points for storing and updating user information (and not just for
retrieving).  Then pam_unix wouldn't need to know anything about
/etc/spwd.db or NIS; it would just retrieve the information from NSS,
note that the password had expired, ask the user for a new password
and tell NSS to store it.

DES
--=20
Dag-Erling Sm=F8rgrav - des@des.no