Changing passwords as a role
Of course the privilege to change other peoples password can be encapsulated into a role, so you have an additional authentication by using the role password before you get such powerful privileges.
Now we can assign this role to a user, for example to the user
Now let’s try to change the password of the user root. As you would expect, the user
guru has an assigned role of
pwchanger as we just assigned it.
You have to change into the role first using the role password, which isn’t user userpassword except you configure it this way.
When you are leaving the role, you are losing the privilege of the role, im this case the privilege to change passwords.
The whole process is put into the audit log: