[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Setting password non-interactively with PAM


When configured with PAM support, passwd from shadow-utils uses PAM to set
the password.

The newusers and chpasswd utilities are non-interactive tools to
create users or change users' passwords by batch.

I would like to use PAM also to set the passwords with these tools. So
that the passwords creation policy can be configured in a single place.

To do this, I implemented a non-interactive PAM conversation function.
Is this something insane or does it sounds good from a PAM point of view?

Also, what do you think should be the behavior of this conversation
function for PAM_PROMPT_ECHO_ON requests?
For PAM_ERROR_MSG and PAM_TEXT_INFO requests, I decided to just print the
message to stderr or stdout and return a NULL response.
For PAM_PROMPT_ECHO_ON requests, I currently decided to make the
conversation function fail and warn that modules requesting echoing are
not supported.

Best Regards,

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]