[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: RedHat 7.2 pam_unix.so and PAM_AUTHTOK?

Thanks for the links. The tip about the not_set_pass argument sounds like what
I was looking for, but unfortunately it did not fix the problem. With or without the option,
pam_unix is preventing the passwords from being available to my module. Maybe
this is a bug.

I replaced pam_unix.so with pam_pwdb.so in my stack list, and that allowed my
module to retrieve the passwords as expected, so I do not think the problem is
in my module or configuration. I guess I will have to go to the source to try to figure
out why pam_unix is clearing the password tokens. Maybe the module is
doing something that requires it to be the last in line for password management.


Please respond to pam-list@redhat.com

Sent by: pam-list-admin@redhat.com

To: pam-list@redhat.com
Subject: Re: RedHat 7.2 pam_unix.so and PAM_AUTHTOK?

On Wed, 2002-07-31 at 03:26, jkung@us.ibm.com wrote:
> Hi,
> >From what I have been able to observe on RedHat 7.2, the pam_unix.so
> password module clears the PAM_AUTHTOK and PAM_OLDAUTHTOK
> tokens so the next stacked password module can not call pam_get_item
> for the data. Is there an argument that can be passed to the pam_unix.so
> password module that will tell it to not clear the tokens?  I want to write
> a pam module that can be called after pam_unix.so, and I want to use
> the passwords that were previously entered by the user.  If I missed some
> documentation or a previous thread on this, I apologize and would
> appreciate a pointer to the info.

Use the argument 'use_first_pass' for your module.


password required pam_unix.so <arguments>
password required my_module use_first_pass <other arguments>

try_first_pass should work too.

See also:

Also check that this is NOT set:

"The not_set_pass argument is used to inform the module that it is not
to pay attention to/make available the old or new passwords from/to
other (stacked) password modules."

That's from

Failing that, set debug and poke around in the source to see what it's
doing wrong.

Jenn V.

jenn@anthill.echidna.id.au     http://anthill.echidna.id.au/~jenn/

Pam-list mailing list

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []