
Re: Simple conversation function / linking w/ pam_pwdb



> From: "Miguel A.L. Paraz" <map@iphil.net>
> Subject: Re: Simple conversation function / linking w/ pam_pwdb
> To: pam-list@redhat.com
> Date: Tue, 16 Sep 1997 20:53:54 +0800 (HKT)
> In-Reply-To: <199709160726.AAA18292@antares.starshine.org> from "Jim Dennis" at Sep 16, 97 00:26:22 am
> 
> Hi,
> 
> Thanks for the specs... would be handy if I get around to doing it :-)
> 
> Jim Dennis wrote:
>> 	He  may be using PGP or  RIPEM  mail or  SSL  web pages (heck,
>> 	maybe even S-HTTP --  if he could find a  client to support it) 
>> 	to get the old and new passwords "in hand."
> 
> Yup, SSL is what I have in mind.  
> 
> But, [off-topic to the PAM list], what's the difference between
> web password changers, and poppassd?  Or even telnetting to the host
> and running passwd (though the characters of the passwords may
> come in through separate packets due to typing speed)

	I've never used poppassd -- but it probably just uses
	the 'crypt()' call and directly modifies the passwd/shadow
	file.

	telnet'ing in uses the /bin/passwd command.  Essentially
	the 'expect' does the same thing under script control --
	it does this to avoid all the questions of "was this 
	the user's real passwd?" -- just telnet to localhost and
	use the username/passwd pair to verify that the "old"
	password is correct.
 
>> He was probably talking about an 'expect' script that opens
>> a telnet to localhost -- then attempts to log in using
>> the (alleged) "old" password -- to then run the new password.
>>
>> This expect script would have to handle a few variations of 
>> the user's shell (in particular the variation where the 
>> user's shell *is* /bin/passwd -- which is a common part of 
>> restricting users to non-interactive logins).
> 
> Yup, I have a CGI script that does that, Perl code which spawns off
> an expect script, for an interactive (shell) account.  It works
> around half of the time (unless an Expect guru here wants to take
> a crack at debugging it)

	Actually my prototype used comm.pl (a perl library that
	provides many of 'expect's features).  That site had a 
	requirement that all "sysadmin" code be written in Perl
	or C -- no awk, sh, Python, or TCL/expect.  This was to
	ensure that their SAs would have *some* hope of maintaining
	it.

> My current attempt at rewriting SimplePAMApps passwd.c just segfaults,
> and I've not a clue since it faults inside pam_pwdb.so!
 

	I'm not a C coder.  Hopefully other members of the list can
	help.

--
Jim Dennis  (800) 938-4078		consulting@starshine.org
Proprietor, Starshine Technical Services:  http://www.starshine.org
        PGP  1024/2ABF03B1 Jim Dennis <jim@starshine.org>
        Key fingerprint =  2524E3FEF0922A84  A27BDEDB38EBB95A 


