I'm using PAM 3.1.1 and I have a doubt.
If I configure an automatic login (with SSH Applet) to allow, for example, a user to log into a server with root account, this user just have to click on SSH button on his access page, with no need to check nor insert the root password, since root account credentials are stored and hidden.
But if the user is root on the server, he can change own (and any other PAM managed account) password, so that automatic login won't work anymore, since the password stored by PAM is different from the one existing on the server.
I have same the same doubt above windows-based accounts management.
If I use PAM to make a user login as an Administrator, how can I forbid him to change Administrator password or, worst, the PAM Proxy log on account password, supposing I don't want it to run as LocalSystem?
Is there any way to prevent users from change account password?
Thanks for helping me,