diff --git a/examplebroker/broker.go b/examplebroker/broker.go
index 695a30663..f89c34a8a 100644
--- a/examplebroker/broker.go
+++ b/examplebroker/broker.go
@@ -308,7 +308,7 @@ func (b *Broker) NewSession(ctx context.Context, username, lang, mode string) (s
 		return "", "", fmt.Errorf("user %q does not exist", username)
 	}
 
-	if info.sessionMode == auth.SessionModePasswd {
+	if info.sessionMode == auth.SessionModeChangePassword {
 		info.neededAuthSteps++
 		info.pwdChange = mustReset
 	}
diff --git a/internal/brokers/auth/consts.go b/internal/brokers/auth/consts.go
index aa9496d24..1332f2483 100644
--- a/internal/brokers/auth/consts.go
+++ b/internal/brokers/auth/consts.go
@@ -18,8 +18,8 @@ const (
 var Replies = []string{Granted, Denied, Cancelled, Retry, Next}
 
 const (
-	// SessionModeAuth is the name of the authentication session.
-	SessionModeAuth = "auth"
-	// SessionModePasswd is the name of the passwd session.
-	SessionModePasswd = "passwd"
+	// SessionModeAuthenticate is used when the session is for user authentication.
+	SessionModeAuthenticate = "auth"
+	// SessionModeChangePassword is used when the session is for changing the user password.
+	SessionModeChangePassword = "passwd"
 )
diff --git a/internal/brokers/manager_test.go b/internal/brokers/manager_test.go
index ff36b57e8..5d97845f0 100644
--- a/internal/brokers/manager_test.go
+++ b/internal/brokers/manager_test.go
@@ -181,7 +181,7 @@ func TestNewSession(t *testing.T) {
 		wantErr bool
 	}{
 		"Successfully start a new auth session":                    {username: "success"},
-		"Successfully start a new passwd session":                  {username: "success", sessionMode: auth.SessionModePasswd},
+		"Successfully start a new passwd session":                  {username: "success", sessionMode: auth.SessionModeChangePassword},
 		"Successfully start a new session with the correct broker": {username: "success", configuredBrokers: []string{t.Name() + "_Broker1.conf", t.Name() + "_Broker2.conf"}},
 
 		"Error when broker does not exist":           {brokerID: "does_not_exist", wantErr: true},
diff --git a/internal/proto/authd/authd.pb.go b/internal/proto/authd/authd.pb.go
index 8e7d1c7dd..5bc947647 100644
--- a/internal/proto/authd/authd.pb.go
+++ b/internal/proto/authd/authd.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.35.1
-// 	protoc        v4.23.4
+// 	protoc-gen-go v1.35.2
+// 	protoc        v3.21.12
 // source: authd.proto
 
 package authd
@@ -23,22 +23,22 @@ const (
 type SessionMode int32
 
 const (
-	SessionMode_UNDEFINED SessionMode = 0
-	SessionMode_AUTH      SessionMode = 1
-	SessionMode_PASSWD    SessionMode = 2
+	SessionMode_UNDEFINED       SessionMode = 0
+	SessionMode_AUTHENTICATE    SessionMode = 1
+	SessionMode_CHANGE_PASSWORD SessionMode = 2
 )
 
 // Enum value maps for SessionMode.
 var (
 	SessionMode_name = map[int32]string{
 		0: "UNDEFINED",
-		1: "AUTH",
-		2: "PASSWD",
+		1: "AUTHENTICATE",
+		2: "CHANGE_PASSWORD",
 	}
 	SessionMode_value = map[string]int32{
-		"UNDEFINED": 0,
-		"AUTH":      1,
-		"PASSWD":    2,
+		"UNDEFINED":       0,
+		"AUTHENTICATE":    1,
+		"CHANGE_PASSWORD": 2,
 	}
 )
 
@@ -1876,74 +1876,75 @@ var file_authd_proto_rawDesc = []byte{
 	0x73, 0x12, 0x2c, 0x0a, 0x07, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03,
 	0x28, 0x0b, 0x32, 0x12, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x53, 0x68, 0x61, 0x64, 0x6f,
 	0x77, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x2a,
-	0x32, 0x0a, 0x0b, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0d,
-	0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a,
-	0x04, 0x41, 0x55, 0x54, 0x48, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x41, 0x53, 0x53, 0x57,
-	0x44, 0x10, 0x02, 0x32, 0xd3, 0x03, 0x0a, 0x03, 0x50, 0x41, 0x4d, 0x12, 0x33, 0x0a, 0x10, 0x41,
-	0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x73, 0x12,
-	0x0c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x11, 0x2e,
-	0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x41, 0x42, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x12, 0x3a, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x50, 0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73, 0x42,
-	0x72, 0x6f, 0x6b, 0x65, 0x72, 0x12, 0x11, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x50,
-	0x42, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64,
-	0x2e, 0x47, 0x50, 0x42, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x33, 0x0a, 0x0c,
-	0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x42, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x12, 0x10, 0x2e, 0x61,
-	0x75, 0x74, 0x68, 0x64, 0x2e, 0x53, 0x42, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11,
-	0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x53, 0x42, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x12, 0x3f, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x11, 0x2e, 0x61, 0x75,
-	0x74, 0x68, 0x64, 0x2e, 0x47, 0x41, 0x4d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12,
-	0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x41, 0x4d, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x41, 0x0a, 0x18, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x41, 0x75, 0x74, 0x68,
-	0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11,
-	0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x53, 0x41, 0x4d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x1a, 0x12, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x53, 0x41, 0x4d, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x36, 0x0a, 0x0f, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68, 0x65,
-	0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x10, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64,
-	0x2e, 0x49, 0x41, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x61, 0x75, 0x74,
-	0x68, 0x64, 0x2e, 0x49, 0x41, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2c, 0x0a,
-	0x0a, 0x45, 0x6e, 0x64, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x2e, 0x61, 0x75,
-	0x74, 0x68, 0x64, 0x2e, 0x45, 0x53, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0c, 0x2e,
-	0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x3c, 0x0a, 0x17, 0x53,
-	0x65, 0x74, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x46,
-	0x6f, 0x72, 0x55, 0x73, 0x65, 0x72, 0x12, 0x13, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x53,
-	0x44, 0x42, 0x46, 0x55, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0c, 0x2e, 0x61, 0x75,
-	0x74, 0x68, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x32, 0xf2, 0x03, 0x0a, 0x03, 0x4e, 0x53,
-	0x53, 0x12, 0x44, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x50, 0x61, 0x73, 0x73, 0x77, 0x64, 0x42, 0x79,
+	0x43, 0x0a, 0x0b, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0d,
+	0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x10, 0x0a,
+	0x0c, 0x41, 0x55, 0x54, 0x48, 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x45, 0x10, 0x01, 0x12,
+	0x13, 0x0a, 0x0f, 0x43, 0x48, 0x41, 0x4e, 0x47, 0x45, 0x5f, 0x50, 0x41, 0x53, 0x53, 0x57, 0x4f,
+	0x52, 0x44, 0x10, 0x02, 0x32, 0xd3, 0x03, 0x0a, 0x03, 0x50, 0x41, 0x4d, 0x12, 0x33, 0x0a, 0x10,
+	0x41, 0x76, 0x61, 0x69, 0x6c, 0x61, 0x62, 0x6c, 0x65, 0x42, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x73,
+	0x12, 0x0c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x11,
+	0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x41, 0x42, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x3a, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x50, 0x72, 0x65, 0x76, 0x69, 0x6f, 0x75, 0x73,
+	0x42, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x12, 0x11, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47,
+	0x50, 0x42, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x61, 0x75, 0x74, 0x68,
+	0x64, 0x2e, 0x47, 0x50, 0x42, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x33, 0x0a,
+	0x0c, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x42, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x12, 0x10, 0x2e,
+	0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x53, 0x42, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x11, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x53, 0x42, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x12, 0x3f, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74,
+	0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x11, 0x2e, 0x61,
+	0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x41, 0x4d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x12, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x41, 0x4d, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x12, 0x41, 0x0a, 0x18, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x41, 0x75, 0x74,
+	0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x6f, 0x64, 0x65, 0x12,
+	0x11, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x53, 0x41, 0x4d, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x12, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x53, 0x41, 0x4d, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x36, 0x0a, 0x0f, 0x49, 0x73, 0x41, 0x75, 0x74, 0x68,
+	0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x10, 0x2e, 0x61, 0x75, 0x74, 0x68,
+	0x64, 0x2e, 0x49, 0x41, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x61, 0x75,
+	0x74, 0x68, 0x64, 0x2e, 0x49, 0x41, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2c,
+	0x0a, 0x0a, 0x45, 0x6e, 0x64, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x2e, 0x61,
+	0x75, 0x74, 0x68, 0x64, 0x2e, 0x45, 0x53, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0c,
+	0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x3c, 0x0a, 0x17,
+	0x53, 0x65, 0x74, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x42, 0x72, 0x6f, 0x6b, 0x65, 0x72,
+	0x46, 0x6f, 0x72, 0x55, 0x73, 0x65, 0x72, 0x12, 0x13, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e,
+	0x53, 0x44, 0x42, 0x46, 0x55, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0c, 0x2e, 0x61,
+	0x75, 0x74, 0x68, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x32, 0xf2, 0x03, 0x0a, 0x03, 0x4e,
+	0x53, 0x53, 0x12, 0x44, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x50, 0x61, 0x73, 0x73, 0x77, 0x64, 0x42,
+	0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x65,
+	0x74, 0x50, 0x61, 0x73, 0x73, 0x77, 0x64, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x50, 0x61, 0x73,
+	0x73, 0x77, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x3b, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x50,
+	0x61, 0x73, 0x73, 0x77, 0x64, 0x42, 0x79, 0x55, 0x49, 0x44, 0x12, 0x15, 0x2e, 0x61, 0x75, 0x74,
+	0x68, 0x64, 0x2e, 0x47, 0x65, 0x74, 0x42, 0x79, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x12, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x77, 0x64,
+	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x36, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x50, 0x61, 0x73, 0x73,
+	0x77, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x0c, 0x2e, 0x61, 0x75, 0x74, 0x68,
+	0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x14, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e,
+	0x50, 0x61, 0x73, 0x73, 0x77, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x41, 0x0a,
+	0x0e, 0x47, 0x65, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12,
+	0x1c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x65, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70,
+	0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e,
+	0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79,
+	0x12, 0x39, 0x0a, 0x0d, 0x47, 0x65, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x42, 0x79, 0x47, 0x49,
+	0x44, 0x12, 0x15, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x65, 0x74, 0x42, 0x79, 0x49,
+	0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64,
+	0x2e, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x34, 0x0a, 0x0f, 0x47,
+	0x65, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x0c,
+	0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x13, 0x2e, 0x61,
+	0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65,
+	0x73, 0x12, 0x44, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x53, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x42, 0x79,
 	0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x65, 0x74,
-	0x50, 0x61, 0x73, 0x73, 0x77, 0x64, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x50, 0x61, 0x73, 0x73,
-	0x77, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x3b, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x50, 0x61,
-	0x73, 0x73, 0x77, 0x64, 0x42, 0x79, 0x55, 0x49, 0x44, 0x12, 0x15, 0x2e, 0x61, 0x75, 0x74, 0x68,
-	0x64, 0x2e, 0x47, 0x65, 0x74, 0x42, 0x79, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x12, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x50, 0x61, 0x73, 0x73, 0x77, 0x64, 0x45,
-	0x6e, 0x74, 0x72, 0x79, 0x12, 0x36, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x50, 0x61, 0x73, 0x73, 0x77,
-	0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x0c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64,
-	0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x14, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x50,
-	0x61, 0x73, 0x73, 0x77, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x41, 0x0a, 0x0e,
-	0x47, 0x65, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c,
-	0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x65, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x42,
-	0x79, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x61,
-	0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12,
-	0x39, 0x0a, 0x0d, 0x47, 0x65, 0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x42, 0x79, 0x47, 0x49, 0x44,
-	0x12, 0x15, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x65, 0x74, 0x42, 0x79, 0x49, 0x44,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x11, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e,
-	0x47, 0x72, 0x6f, 0x75, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x34, 0x0a, 0x0f, 0x47, 0x65,
-	0x74, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x0c, 0x2e,
-	0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x13, 0x2e, 0x61, 0x75,
-	0x74, 0x68, 0x64, 0x2e, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73,
-	0x12, 0x44, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x53, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x42, 0x79, 0x4e,
-	0x61, 0x6d, 0x65, 0x12, 0x1d, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x47, 0x65, 0x74, 0x53,
-	0x68, 0x61, 0x64, 0x6f, 0x77, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x12, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x53, 0x68, 0x61, 0x64, 0x6f,
-	0x77, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x36, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x53, 0x68, 0x61,
-	0x64, 0x6f, 0x77, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x0c, 0x2e, 0x61, 0x75, 0x74,
-	0x68, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x14, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64,
-	0x2e, 0x53, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x42, 0x2e,
-	0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x75, 0x62, 0x75,
-	0x6e, 0x74, 0x75, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e,
-	0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x64, 0x62, 0x06,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x53, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x42, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2e, 0x53, 0x68, 0x61, 0x64,
+	0x6f, 0x77, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x36, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x53, 0x68,
+	0x61, 0x64, 0x6f, 0x77, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x0c, 0x2e, 0x61, 0x75,
+	0x74, 0x68, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x14, 0x2e, 0x61, 0x75, 0x74, 0x68,
+	0x64, 0x2e, 0x53, 0x68, 0x61, 0x64, 0x6f, 0x77, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x42,
+	0x2e, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x75, 0x62,
+	0x75, 0x6e, 0x74, 0x75, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x64, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x64, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/internal/proto/authd/authd.proto b/internal/proto/authd/authd.proto
index 00d2fff95..fdb727e24 100644
--- a/internal/proto/authd/authd.proto
+++ b/internal/proto/authd/authd.proto
@@ -43,8 +43,8 @@ message StringResponse {
 
 enum SessionMode {
   UNDEFINED = 0;
-  AUTH = 1;
-  PASSWD = 2;
+  AUTHENTICATE = 1;
+  CHANGE_PASSWORD = 2;
 }
 
 message SBRequest {
diff --git a/internal/services/pam/pam.go b/internal/services/pam/pam.go
index a707f159e..8ff275ec5 100644
--- a/internal/services/pam/pam.go
+++ b/internal/services/pam/pam.go
@@ -140,10 +140,10 @@ func (s Service) SelectBroker(ctx context.Context, req *authd.SBRequest) (resp *
 
 	var mode string
 	switch req.GetMode() {
-	case authd.SessionMode_AUTH:
-		mode = auth.SessionModeAuth
-	case authd.SessionMode_PASSWD:
-		mode = auth.SessionModePasswd
+	case authd.SessionMode_AUTHENTICATE:
+		mode = auth.SessionModeAuthenticate
+	case authd.SessionMode_CHANGE_PASSWORD:
+		mode = auth.SessionModeChangePassword
 	default:
 		return nil, status.Error(codes.InvalidArgument, "invalid session mode")
 	}
diff --git a/internal/services/pam/pam_test.go b/internal/services/pam/pam_test.go
index 43c85c239..e3f5fed87 100644
--- a/internal/services/pam/pam_test.go
+++ b/internal/services/pam/pam_test.go
@@ -197,8 +197,8 @@ func TestSelectBroker(t *testing.T) {
 
 		wantErr bool
 	}{
-		"Successfully select a broker and creates auth session":   {username: "success", sessionMode: auth.SessionModeAuth},
-		"Successfully select a broker and creates passwd session": {username: "success", sessionMode: auth.SessionModePasswd},
+		"Successfully select a broker and creates auth session":   {username: "success", sessionMode: auth.SessionModeAuthenticate},
+		"Successfully select a broker and creates passwd session": {username: "success", sessionMode: auth.SessionModeChangePassword},
 
 		"Error when not root":                             {username: "success", currentUserNotRoot: true, wantErr: true},
 		"Error when username is empty":                    {wantErr: true},
@@ -229,10 +229,10 @@ func TestSelectBroker(t *testing.T) {
 
 			var sessionMode authd.SessionMode
 			switch tc.sessionMode {
-			case auth.SessionModeAuth, "":
-				sessionMode = authd.SessionMode_AUTH
-			case auth.SessionModePasswd:
-				sessionMode = authd.SessionMode_PASSWD
+			case auth.SessionModeAuthenticate, "":
+				sessionMode = authd.SessionMode_AUTHENTICATE
+			case auth.SessionModeChangePassword:
+				sessionMode = authd.SessionMode_CHANGE_PASSWORD
 			case "-":
 				sessionMode = authd.SessionMode_UNDEFINED
 			}
@@ -571,7 +571,7 @@ func TestIDGeneration(t *testing.T) {
 			sbResp, err := client.SelectBroker(context.Background(), &authd.SBRequest{
 				BrokerId: mockBrokerGeneratedID,
 				Username: usernamePrefix + testutils.IDSeparator + tc.username,
-				Mode:     authd.SessionMode_AUTH,
+				Mode:     authd.SessionMode_AUTHENTICATE,
 			})
 			require.NoError(t, err, "Setup: failed to create session for tests")
 
@@ -812,7 +812,7 @@ func startSession(t *testing.T, client authd.PAMClient, username string) string
 	sbResp, err := client.SelectBroker(context.Background(), &authd.SBRequest{
 		BrokerId: mockBrokerGeneratedID,
 		Username: username,
-		Mode:     authd.SessionMode_AUTH,
+		Mode:     authd.SessionMode_AUTHENTICATE,
 	})
 	require.NoError(t, err, "Setup: failed to create session for tests")
 	return sbResp.GetSessionId()
diff --git a/pam/integration-tests/cli_test.go b/pam/integration-tests/cli_test.go
index efc32a70d..9d6f46e1c 100644
--- a/pam/integration-tests/cli_test.go
+++ b/pam/integration-tests/cli_test.go
@@ -219,7 +219,7 @@ func TestCLIAuthenticate(t *testing.T) {
 
 			localgroupstestutils.RequireGPasswdOutput(t, gpasswdOutput, golden.Path(t)+".gpasswd_out")
 
-			requireRunnerResultForUser(t, authd.SessionMode_AUTH, tc.clientOptions.PamUser, got)
+			requireRunnerResultForUser(t, authd.SessionMode_AUTHENTICATE, tc.clientOptions.PamUser, got)
 		})
 	}
 }
@@ -306,7 +306,7 @@ func TestCLIChangeAuthTok(t *testing.T) {
 			got := td.ExpectedOutput(t, outDir)
 			golden.CheckOrUpdate(t, got)
 
-			requireRunnerResult(t, authd.SessionMode_PASSWD, got)
+			requireRunnerResult(t, authd.SessionMode_CHANGE_PASSWORD, got)
 		})
 	}
 }
diff --git a/pam/integration-tests/native_test.go b/pam/integration-tests/native_test.go
index f373c1b6e..a9a353b22 100644
--- a/pam/integration-tests/native_test.go
+++ b/pam/integration-tests/native_test.go
@@ -341,7 +341,7 @@ func TestNativeAuthenticate(t *testing.T) {
 			localgroupstestutils.RequireGPasswdOutput(t, gpasswdOutput, golden.Path(t)+".gpasswd_out")
 
 			if !tc.skipRunnerCheck {
-				requireRunnerResultForUser(t, authd.SessionMode_AUTH, tc.clientOptions.PamUser, got)
+				requireRunnerResultForUser(t, authd.SessionMode_AUTHENTICATE, tc.clientOptions.PamUser, got)
 			}
 		})
 	}
@@ -435,7 +435,7 @@ func TestNativeChangeAuthTok(t *testing.T) {
 			golden.CheckOrUpdate(t, got)
 
 			if !tc.skipRunnerCheck {
-				requireRunnerResult(t, authd.SessionMode_PASSWD, got)
+				requireRunnerResult(t, authd.SessionMode_CHANGE_PASSWORD, got)
 			}
 		})
 	}
diff --git a/pam/integration-tests/vhs-helpers_test.go b/pam/integration-tests/vhs-helpers_test.go
index b7c4e5d7f..9966b8baf 100644
--- a/pam/integration-tests/vhs-helpers_test.go
+++ b/pam/integration-tests/vhs-helpers_test.go
@@ -478,9 +478,9 @@ func evaluateTapeVariables(t *testing.T, tapeString string, td tapeData, testTyp
 	}
 
 	addOptionalVariable(vhsCommandFinalAuthWaitVariable,
-		finalWaitCommands(testType, authd.SessionMode_AUTH))
+		finalWaitCommands(testType, authd.SessionMode_AUTHENTICATE))
 	addOptionalVariable(vhsCommandFinalChangeAuthokWaitVariable,
-		finalWaitCommands(testType, authd.SessionMode_PASSWD))
+		finalWaitCommands(testType, authd.SessionMode_CHANGE_PASSWORD))
 
 	for k, v := range variables {
 		variable := fmt.Sprintf("${%s}", k)
@@ -551,7 +551,7 @@ func finalWaitCommands(testType vhsTestType, sessionMode authd.SessionMode) stri
 	}
 
 	firstResult := pam_test.RunnerResultActionAuthenticate
-	if sessionMode == authd.SessionMode_PASSWD {
+	if sessionMode == authd.SessionMode_CHANGE_PASSWORD {
 		firstResult = pam_test.RunnerResultActionChangeAuthTok
 	}
 
diff --git a/pam/internal/pam_test/runner-utils.go b/pam/internal/pam_test/runner-utils.go
index 9b53c0327..b3a58a184 100644
--- a/pam/internal/pam_test/runner-utils.go
+++ b/pam/internal/pam_test/runner-utils.go
@@ -34,9 +34,9 @@ type RunnerAction authd.SessionMode
 
 const (
 	// RunnerActionLogin is the runner action for login operation.
-	RunnerActionLogin = RunnerAction(authd.SessionMode_AUTH)
+	RunnerActionLogin = RunnerAction(authd.SessionMode_AUTHENTICATE)
 	// RunnerActionPasswd is the runner action for passwd operation.
-	RunnerActionPasswd = RunnerAction(authd.SessionMode_PASSWD)
+	RunnerActionPasswd = RunnerAction(authd.SessionMode_CHANGE_PASSWORD)
 )
 
 // RunnerActionFromString gets the [RunnerAction] from its string representation.
diff --git a/pam/pam.go b/pam/pam.go
index d9e40228c..a14f7b665 100644
--- a/pam/pam.go
+++ b/pam/pam.go
@@ -198,7 +198,7 @@ func (h *pamModule) Authenticate(mTx pam.ModuleTransaction, flags pam.Flags, arg
 		return err
 	}
 
-	err = h.handleAuthRequest(authd.SessionMode_AUTH, mTx, flags, parsedArgs, logArgsIssues)
+	err = h.handleAuthRequest(authd.SessionMode_AUTHENTICATE, mTx, flags, parsedArgs, logArgsIssues)
 	if err != nil && !errors.Is(err, pam.ErrIgnore) {
 		return err
 	}
@@ -212,7 +212,7 @@ func (h *pamModule) Authenticate(mTx pam.ModuleTransaction, flags pam.Flags, arg
 func (h *pamModule) ChangeAuthTok(mTx pam.ModuleTransaction, flags pam.Flags, args []string) error {
 	parsedArgs, logArgsIssues := parseArgs(args)
 
-	err := h.handleAuthRequest(authd.SessionMode_PASSWD, mTx, flags, parsedArgs, logArgsIssues)
+	err := h.handleAuthRequest(authd.SessionMode_CHANGE_PASSWORD, mTx, flags, parsedArgs, logArgsIssues)
 	if errors.Is(err, pam.ErrPermDenied) {
 		return pam.ErrAuthtokRecovery
 	}
@@ -240,7 +240,7 @@ func (h *pamModule) handleAuthRequest(mode authd.SessionMode, mTx pam.ModuleTran
 	}
 	logArgsIssues()
 
-	if mode == authd.SessionMode_PASSWD && flags&pam.PrelimCheck != 0 {
+	if mode == authd.SessionMode_CHANGE_PASSWORD && flags&pam.PrelimCheck != 0 {
 		log.Debug(context.TODO(), "ChangeAuthTok, preliminary check")
 		c, closeConn, err := newClient(parsedArgs)
 		if err != nil {
@@ -269,7 +269,7 @@ func (h *pamModule) handleAuthRequest(mode authd.SessionMode, mTx pam.ModuleTran
 		return nil
 	}
 
-	if mode == authd.SessionMode_PASSWD {
+	if mode == authd.SessionMode_CHANGE_PASSWORD {
 		log.Debugf(context.TODO(), "ChangeAuthTok, password update phase: %d",
 			flags&pam.UpdateAuthtok)
 	}