On Fri, May 25, Tomas Mraz wrote:
On Thu, 2012-05-24 at 13:59 +0200, Tomas Mraz wrote:
> The attached patch changes the semantics of the default (non enforcing
> for root) behavior of pam_pwhistory more reasonable and aligned with the
> default behavior of pam_cracklib. It will not enforce error but will
> print a message in case the root changes password to a duplicate value
> for himself or for another users. The behavior when the option
> enforce_for_root is used stays unchanged.
>
> OK to commit?
Any comments?
Since the info for root is only informativ and no error, if
it is not enforced for root, we shouldn't use pam_error.
This will only confuse people: getting an error message but
without the knowledge that the passwort has still be changed.
Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)