[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: non-interactive authentications...



On Wed, Aug 19, 1998 at 06:54:05PM +0200, Ingo Luetkebohle wrote:
> On Wed, 19 Aug 1998, Andrew Morgan wrote:
> > For other applications like POP, perhaps we need to beef up the
> > protocol to support more elaborate authentication exchanges,
> 
> Well, yes and no. I did a USER/PASS pop-module, that does exactly the thing
> you outlined for ftp, except for POP3 of course.
> 
> The one bad thing about it is that the *client* can decide wether to use
> digest (APOP) authentication or a USER/PASS style authentication. After the
> server advertises what it supports, the client makes its decision by the
> way it replies, and the reply already contains whole or part of the
> authentication data. What that means is that the PAM module has to be smart
> enough to figure out what it got back from the application. 
> 
> My solution for this was to return the style of authentication in the
> resp_retcode field of the pam_response structure. Perhaps not pretty, but
> it works.

I want to mention that for real PAMification of POP server similar to
ftp PAMification proposed by Andrew you need a POP client software which
is able to display server messages like
	+OK now please enter your birthday date
and to send user typed text to server arbitrary number of times.

Best wishes
					Andrey V.
					Savochkin



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []