> I'm having trouble w/ DEC OSF/1 V2.0 Enhanced Security. Just > yesterday, the passwd program decided to be very friendly and let > anyone (except root) change anyone else's password. [...] > Any user can type "passwd username" to change anyone's password > WITHOUT supplying the old password. [...] Strangely, when root > attempts to change someone else's password, the "Old password:" > prompt is given. It's almost like it's reversing the result when > checking whether the user should have to supply the old password. > Any ideas are welcome. It seems almost too obvious to need saying...but have you checked your passwd binary against the distribution media (which I hope you have kept, never un-writelocked)? This sounds like exactly what I'd expect if someone broke in, looked through passwd for a place where it checks for root privilege, and reversed the following conditional branch. (This would be a pretty incompetent cracker, but something tells me Sturgeon's Law is as true of crackers as it is of other things.) der Mouse mouse@collatz.mcrcim.mcgill.edu