[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: setting PAM_AUTHTOK from an application



Michael K. Johnson wrote:
> Should we make it not work in the PAM framework?  On entry into the
> framework, should PAM_AUTHTOK be null'ed out?  Or do we do that already,
> making his code not only wrong, but broken?  I haven't tried running
> it, I just think it is nonsensical...  :-)

This seems a bit draconian. However, if it is what it takes to get people to
follow the spec. it might be needed.

I'm inclined to feel that this is a good idea. It's more of a debugging
thing really, but I guess it could be seen as a security feature.

Comments?

Andrew
-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []