The passwd command prompts every user except root for their current password.
[[email protected] ~]$ passwd
Changing password for user user01.
Changing password for user01.
(current) UNIX password:
Is it possible to use the Privileged Identity Manager (PIM) agent to change this behaviour?
The passwd command will prompt all users except root for their current password. This is by design and has nothing to do with PIM.
PIM can be used to work around this, as the following example demonstrates.
The following SUDO rule allows authorized users to change their own password, and only their own password, without being prompted for their current password:
editres SUDO ('changepassword') audit(FAILURE) data('/bin/passwd;$U $e;$O')
ng ("changepassword")
auth sudo ('changepassword') gid("changepassword")
join ("testuser") group("changepassword")
auth PROGRAM ('/opt/CA/AccessControl/bin/sesudo') gid(changepassword)
sesudo changepassword <USERNAME>
sesudo changepassword $(sewhoami)
nr program ("/usr/local/bin/changepassword") defacc(none) owner(nobody)
auth program ("/usr/local/bin/changepassword") access(x) gid(changepassword)
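An added example, not part of the original article: a wrapper of the kind the /usr/local/bin/changepassword program rule appears to protect, which runs sesudo changepassword $(sewhoami) only after checking the name that sewhoami returned. The sewhoami path, the allowed user name characters and the return codes are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): wrapper intended to be
# installed as /usr/local/bin/changepassword.
SESUDO=/opt/CA/AccessControl/bin/sesudo      # path from the PROGRAM rule above
SEWHOAMI=/opt/CA/AccessControl/bin/sewhoami  # assumed to sit beside sesudo

# valid_username NAME: succeed only if NAME is safe to pass to passwd.
# The allowed character set and length are conservative assumptions.
valid_username() {
    case "$1" in
        '')                return 1 ;;  # passwd without a name acts on the invoking account
        -*)                return 1 ;;  # would be parsed as a passwd option
        *[!A-Za-z0-9._-]*) return 1 ;;  # whitespace, ';', '$' and similar
    esac
    [ "${#1}" -le 32 ]
}

# change_own_password: resolve the caller through sewhoami and pass exactly
# one validated argument to the 'changepassword' SUDO rule.
# Returns 2 if sewhoami fails, 3 if its output is rejected (assumed codes).
change_own_password() {
    me=$("$SEWHOAMI") || return 2
    if ! valid_username "$me"; then
        echo "changepassword: refusing user name '$me'" >&2
        return 3
    fi
    "$SESUDO" changepassword "$me"
}

# Act only when invoked under the installed name, so the functions can be
# sourced and tested without calling sesudo.
case "${0##*/}" in
    changepassword) change_own_password ;;
esac
```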