[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: non-interactive authentications...



Ingo Luetkebohle writes:
> My solution for this was to return the style of authentication in the
> resp_retcode field of the pam_response structure. Perhaps not pretty, but
> it works.

Another, slightly more flexible approach, might be for your
conversation function to prepend some textual indicator of the flavor
of response when returning it to the module..  A pam_pophack module
would then,

	1.  authenticate if it is an APOP authentication and return
	    PAM_SUCCESS or PAM_AUTH_ERR.
	2.  if it is a user/password pair, it would set PAM_USER and
	    PAM_AUTHTOK appropriately and then return PAM_IGNORE.

In this way something like

	auth sufficient pam_pophack.so
	auth required   pam_pwdb.so use_first_pass

would mimic the 'traditional' behavior.

Just a thought.

Cheers

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []