My curiosity origins from memories from my previous findings which concluded there were no hooks in PAM for this kind of functionality. (Even /usr/bin/passwd from the shadow source package manipulates the files directly while it uses PAM for authentication.)
You should reread the shadow source and check out the libpam-doc package for the pam_chauthtok function.
Mike Stone
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
