re: #45 Charles
[Link: www.defenceindepth.net…]
That article isn’t accurate. I just tried the technique described, and I could not change another user’s password without entering the old one.
The currently logged in user can change his own password without authentication, and that’s not a good thing. But it’s nowhere near as bad as the article makes it sound.
I think that was the point: You can change the password of a logged-in user without being prompted for the old one. From the article, emphasis mine:
So, in order to change the password of the currently logged in user, simply use: