[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Is this legitimate? (Module/application interaction.)

On 04-Nov-98 Allan Bjorklund wrote:
>   I have a situation where I want to return some data from a module
> to
> the application.
>   Applications are not allowed to use the pam_[g|s]et_data functions.
>   What if I used the appdata_ptr of the pam_conv structure to point
> to
> a structure the module could fill in?
>    The first item of the structure would be a tag line, and if the
> module saw that tag line (and appdata_ptr != NULL) it would know it
> was
> safe to fill in the structure and the application would check it
> after
> the PAM calls.  Otherwise it would just do its PAM action and not
> return
> the data to the application.
>    Is this legitimate?  I don't see anything in the
> [module|application]
> writers guide or X/Open RFC 86.0 to prohibit this.
> --Allan

   Never mind.  I just found the text that implies I can't do this.

   Section 7.3 of X/Open rfc 86.0:

     ... we have designed the PAM API's to not return any data to the
     application, except status.

   Though in section 11 it says:

     One possible extension to PAM is to allow the passing of
     module-specific data between applications and PAM modules.

   Which would help me out if that work had been done.  I can do the
authentication inside a module, but the authentication routine returns
pieces that need to be propogated back up to the application. <sigh>


  Allan Bjorklund                  |                  allan@umich.edu
  Systems Research Programmer      |           University of Michigan
  Information Technology Division  |               535 W. William St.
  1-(734)-763-9391                 |              Ann Arbor, MI 48103

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []