[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Using PAM with Apache

Ingo Luetkebohle wrote:
> I thought about faking the conversation function but since I don't know
> what PAM expects me to return (I just know that I have to return
> _something_), that seems to be impossible. I also thought about using the

This is how many of the applications that Red Hat ships work. It will limit
the number of ways that you can authenticate users to being simply
username+password schemes. But this is all you probably want for the time

You should make a simple conversation function that can handle one
PAM_PROMPT_ECHO_ON (returning the username) and one PAM_PROMPT_ECHO_OFF
(returning the password) only. If the conversation function is asked for
more than this, you should probably return PAM_CONV_ERR.

People writing new applications and wishing to support PAM should not do
things this way. Doing so, is trying to fit a square peg into a round hole.
However, in certain legacy applications and where protocols do not allow for
the felxibility inherent in PAM, it is probably the best one can do.

Good luck

               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []