[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAMifying network apps

Mike Frisch writes:
>char user[256];	/* arbitrary value */

Because you pass the user to pam_start, you shouldn't need this.

>  for (count = 0; count < num_msg; count++) {
>    switch (msg[count]->msg_style) {
>      case PAM_PROMPT_ECHO_ON:
>        GET_MEM;
>        reply[replies].resp_retcode = PAM_SUCCESS;
>        reply[replies++].resp = COPY_STRING(user);
>          /* PAM frees resp */
>        break;

I suggest instead "return PAM_CONF_ERR;" here; it shouldn't ask for
the user name.  (I know, you were copying my code; I wouldn't write
it the same way now that I did then.)  If you do this, you don't
need the "user" variable to be file-scope.

>Program exits with failed authentication (PAM_AUTH_ERR).

Turn on debugging and see exactly how it is failing.  You may be able
to find some stuff in your /var/log/messages file now; you can rebuild
the PAM library with debugging and view the debugging log it puts in
/tmp/ if the messages file isn't any help.


"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []