[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: xlockmore (pam)

On Mon, 9 Sep 1996, Andrew Morgan wrote:

> Unfortunately, shadow may optionally contain md5 etc passwords.. So
> unless the application you propose know's as much as the
> pam_whatever.so that xlock is configured to use, we're going to have
> trouble.

I was actually thinking of the helper program being called from the PAM
module. Apps would still be PAMified.

> The idea of having a helper program though is nice. Perhaps we might
> have an executable (suid) called 'passme', that reads a single
> (cleartext password) line from stdin and exits with 0 if the password
> matches that of the user (deduced from ruid), and 1 if it doesn't.

This may be a better idea for the reasons both you and Ted have pointed
out. It would be more difficult to work it into the generic PAM scheme
though. If the "passme" program is considered part of pam_unix.so it's 
not really a concern though.


   Always hoped that I'd be an apostle. Knew that I would make it if I tried.
     Then when we retire we can write the gospels so they'll all talk about
       us when we've die. - "The Last Supper" from Jesus Christ Superstar
|   Erik Troan   =   http://sunsite.unc.edu/ewt/   =   ewt@sunsite.unc.edu    |

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []