Re: non-interactive authentications...

On Wed, 19 Aug 1998, Andrew Morgan wrote:
> For other applications like POP, perhaps we need to beef up the
> protocol to support more elaborate authentication exchanges,

Well, yes and no. I did a USER/PASS pop-module that does exactly the thing
you outlined for ftp, except for POP3 of course.

The one bad thing about it is that the *client* can decide whether to use
digest (APOP) authentication or a USER/PASS style authentication. After the
server advertises what it supports, the client makes its decision by the
way it replies, and the reply already contains whole or part of the
authentication data. What that means is that the PAM module has to be smart
enough to figure out what it got back from the application. 

My solution for this was to return the style of authentication in the
resp_retcode field of the pam_response structure. Perhaps not pretty, but
it works.

	Ingo Luetkebohle / netdancer@irc / ingo@blank.pages.de
dev/consulting Gesellschaft fuer Netzwerkentwicklung und -beratung mbH
url: http://www.devconsult.de/ - fon: 0521-1365800 - fax: 0521-1365803 
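
A sketch of the approach described in the message above, added here as an example and not the code from the post: the application classifies the client's first reply as USER or APOP and reports the style in `resp_retcode`. The `POP_STYLE_*` values, the function name and the local `struct pop_response` (mirroring `struct pam_response`) are assumptions; the post does not give the values it used.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Local mirror of struct pam_response from <security/pam_appl.h>,
 * declared here so the example builds without the PAM headers. */
struct pop_response { char *resp; int resp_retcode; };

/* Hypothetical style codes (assumption, not taken from the post). */
enum { POP_STYLE_UNKNOWN = 0, POP_STYLE_USER = 1, POP_STYLE_APOP = 2 };

/* Duplicate n bytes of s into a fresh NUL-terminated string. */
static char *dup_n(const char *s, size_t n)
{
    char *p = malloc(n + 1);
    if (p) { memcpy(p, s, n); p[n] = '\0'; }
    return p;
}

/* Classify the client's first reply and fill the response the application
 * hands back to the module. Returns 0 on success, -1 on a malformed line. */
int pop_fill_response(const char *line, struct pop_response *r)
{
    size_t len = strcspn(line, "\r\n");
    r->resp = NULL;
    r->resp_retcode = POP_STYLE_UNKNOWN;

    if (len > 5 && strncasecmp(line, "USER ", 5) == 0) {
        r->resp_retcode = POP_STYLE_USER;   /* password arrives later in PASS */
    } else if (len > 5 && strncasecmp(line, "APOP ", 5) == 0) {
        /* APOP <name> <digest>: the digest is 32 hex characters (MD5). */
        const char *sp = memchr(line + 5, ' ', len - 5);
        if (!sp || sp == line + 5 || (size_t)(line + len - (sp + 1)) != 32)
            return -1;
        for (const char *d = sp + 1; d < line + len; d++)
            if (!isxdigit((unsigned char)*d))
                return -1;
        r->resp_retcode = POP_STYLE_APOP;
    } else {
        return -1;                          /* neither style: reject */
    }
    r->resp = dup_n(line + 5, len - 5);     /* arguments, passed verbatim */
    return r->resp ? 0 : -1;
}
```

Linux-PAM documents `resp_retcode` as unused with zero expected, so non-zero codes like these are a private convention that only a matching application and module pair will understand.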

