Subject: Re: passwd authentication bug
To: None <tech-security@NetBSD.org>
From: John Nemeth <firstname.lastname@example.org>
Date: 07/03/2007 13:21:22
On Nov 23, 4:41pm, "Zafer Aydogan" wrote:
} I've come across that trying to set a password for a non existing user
} displays this error:
} # passwd foobar
} Changing password for foobar.
} Unable to change auth token: failed to recover old authentication token
} instead of displaying that the user doesn't exists.
} I'm running current as of July 3rd (4.99.22), but I noticed this bug a
} while ago.
This is not a bug. It is not possible for passwd to determine
apriori if "user" exists. Consider the idea of having passwords for
services which don't correspond to users that can login. Under the new
world order of things like PAM and NSS, authentication has been
decoupled from user info and can come from completely seperate
}-- End of excerpt from "Zafer Aydogan"