[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Simple conversation function / linking w/ pam_pwdb



Hi,

Thanks for the specs... would be handy if I get around to do it :-)

Jim Dennis wrote:
> 	He  may be using PGP or  RIPEM  mail or  SSL  web pages (heck,
> 	maybe even S-HTTP --  if he could find a  client to support it) 
> 	to get the old and new passwords "in hand."

Yup, SSL is what I have in mind.  

But, [off-topic to the PAM list], what's the difference between
web password changers, and poppassd?  Or even telnetting to the host
and running passwd (though the characters of the passwords may
come in through separate packets due to typing speed)

> 	He was probably talking about an 'expect' script that opens
> 	a telnet to localhost -- then attempts to login in using
> 	the (alleged) "old" password -- to then run the new password.
> 
> 	This expect script would have to handle a few variations of 
> 	the user's shell (in particular the variation where the 
> 	user's shell *is* /bin/passwd -- which is a common part of 
> 	restricting users to non-interactive logins).

Yup, I have a CGI script that does that, Perl code which spawns off
an expect script, for an interactive (shell) account.  It works
around half of the time (unless an Expect guru here wants to take
a crack at debugging it)

My current attempt at rewriting SimplePAMApps passwd.c just segfaults,
and I've not a clue since it faults inside pam_pwdb.so!

-- 
Miguel A.L. Paraz                                              +63-2-750-2288
IPhil Communications, Makati City, Philippines           http://www.iphil.net



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []