or pam, to ease IT audit guideline compliance. Patch from Richard
Hansen of BBN in private mail.
Proposed on tech-kern with positive comments, except a suggestion I
didn't implement:
A possible future enhancement is refraining from logging if the old
password is empty, as some people abort password changing that way.
However, it's not clear if this complies with most guidelines that
require password change logging, and at first glance that appears to
be a fairly difficult change.
similar to Solaris's "-r <repository" or Mac OS X's "-i <infosystem>",
to select the password database (files, nis, krb5). Otherwise, we default
to using whatever PAM decides.
XXX: This avoids the issue of supporting separate -l -y -k, but is the behavior
correct? Should passwd -p disable all other passwd methods? Should it become
the default if compiled in?
