pam_pwhistory needs to run a helper to save hashes from /etc/shadow
to /etc/security/opasswd as these files have shadow_t context.
Although current policy allows for passwd command to work with it, it
would not be possible to change expired passwords with login and other
services.
The attached patch implements the helper which is called when SELinux is
enabled.
Please review.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb