
Re: New features for pam_userdb



> 	For example, you can do something like this:
> 
> 		ssh -l gate@gateway.mydomain.com
> 		Password: username password (Not visible!)
> 
> 	This is useful in gateways to authenticate users without giving
> 	each user his/her own account (for security).

Why should this feature be partially implemented in a PAM module,
when it needs support elsewhere, anyway?  I don't think this hack
is worth it.

> + 	user_env = alloca(22 + key_only_len);
> + 	strcpy(user_env, "PAM_USER_IN_PASSWORD=");
> + 	strncat(user_env + 21, user, key_only_len);
> +         pam_putenv(pamh, user_env);
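
Review bot: alloca(22 + key_only_len) sizes a stack allocation from
key_only_len, and these lines show no upper bound on that length and no
way to detect a failed allocation. Bound key_only_len before this point
or use a checked heap allocation, derive the 22 and the 21 from
sizeof("PAM_USER_IN_PASSWORD=") instead of hard-coding them, and check
the return value of pam_putenv(pamh, user_env).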

No NUL termination here.

> + 	} else if (ctrl & PAM_CRYPT) {
> + 	    char salt[3] = "xx";
> + 	    strncpy(salt, data.dptr, 2);
> + 	    compare = strncmp(crypt(pass,salt), data.dptr, data.dsize);
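
Review bot: in strncmp(crypt(pass,salt), data.dptr, data.dsize) the
comparison covers only the first data.dsize bytes, so a stored value
shorter than the crypt() output compares equal on a prefix match, and a
zero-length one compares equal to anything. Require data.dsize to equal
the length of the crypt() result before comparing. crypt() can also
return NULL, which is passed straight to strncmp() here, and
strncpy(salt, data.dptr, 2) reads two bytes without checking that
data.dsize is at least 2.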

This is overly complicated and will only work for the obsolete
traditional crypt(3).  You don't need this truncation to 2 chars.

Signed,
Solar Designer




