How to save a copy of user's input password?

Andy hewanxiang at gmail.com
Tue Jul 21 06:22:03 UTC 2009


On Tue, Jul 21, 2009 at 1:53 PM, Thorsten Kukuk<kukuk at suse.de> wrote:
> On Tue, Jul 21, Andy wrote:
>
>> Hi all,
>> My pam version is 1.1.0, I use it to authenticate users.
>> My case is, when pam finished its auth, that is after
>> pam_authenticate(pamh, 0) & pam_acct_mgmt(pamh, 0),
>> I want to save a copy of user's password if it's valid, but I can not
>> find any API to fulfill my needs.
>> I tried pam_get_item(pamh, PAM_AUTHTOK, (const void
>> **)&copy_of_passwd), but it returns a "bad item passed to
>> pam_*_item()", now I have no idea. :(
>
> As written in the documentation, this is not possible. And
> as your application does not know in which form the authentication
> was done, it doesn't make sense, too. Who says that a password
> was used for authentication? The admin could have decided to
> use fingerprints instead or whatever else.
>

But now, in PAM, the "pam_authenticate(...)" function gives a prompt
"Password:" to let the user type in a password; do we really have no way
to get a copy of the user's input?

I saw some code in google, something like below:

    char *pass = NULL;
    int retval;

    /* Get the authtok; if we don't have one, silently fail. */
    retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );

    if (retval != PAM_SUCCESS) {
        _log_err( LOG_ALERT
                  , "pam_get_item returned error to pam_sm_authenticate" );
        return PAM_AUTHTOK_RECOVER_ERR;
    } else if (pass == NULL) {
        return PAM_AUTHTOK_RECOVER_ERR;
    }

I guess this may try to retrieve a copy of the authtok (password ??), but
now (version 1.1.0), PAM_AUTHTOK seems not to be supported anymore.

Thanks.

-Andy



