[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Using PAM with Apache



Ingo Luetkebohle wrote:
> I thought about faking the conversation function but since I don't know
> what PAM expects me to return (I just know that I have to return
> _something_), that seems to be impossible. I also thought about using the
..

This is how many of the applications that Red Hat ships work. It will limit
the number of ways that you can authenticate users to being simply
username+password schemes. But this is all you probably want for the time
being.

You should make a simple conversation function that can handle one
PAM_PROMPT_ECHO_ON (returning the username) and one PAM_PROMPT_ECHO_OFF
(returning the password) only. If the conversation function is asked for
more than this, you should probably return PAM_CONV_ERR.

People writing new applications and wishing to support PAM should not do
things this way. Doing so, is trying to fit a square peg into a round hole.
However, in certain legacy applications and where protocols do not allow for
the felxibility inherent in PAM, it is probably the best one can do.

Good luck

Andrew
-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []