re: #45 Charles

[Link: www.defenceindepth.net…]

That article isn’t accurate. I just tried the technique described, and I could not change another user’s password without entering the old one.

The currently logged in user can change his own password without authentication, and that’s not a good thing. But it’s nowhere near as bad as the article makes it sound.

I think that was the point: You can change the password of a logged-in user without being prompted for the old one. From the article, emphasis mine:

So, in order to change the password of the currently logged in user, simply use: