[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Missing prompt item in PAM

Andrew Morgan writes:
>The problem is that the application doesn't know which password is being
>asked for. SAMBA, UNIX, homebrew, ...?

Fine.  But let's solve the problem, not tuck our heads into the sand.
I noticed that you didn't respond to one of my questions before, so I
will ask again:

If you'd rather have a more general hint that says "Expose user
name data while requesting authentication information", that's
fine with me.  Would that make sense to you?

>I'm not sure how the case where the admin arranges that you are asked
>for two passwords, UNIX and then SAMBA will look. I'm pretty sure you
>can manage this with environment variables from the stack:
> UNIX password for morgan:
> SAMBA password for SMORGAN:
>but the application does not have enough granularity to do it easily:
> Password for morgan: 
> Password for morgan:

My more recent suggestion would handle that just fine.

There some application domains where you want to hide as much
information as possible to limit the information a cracker has to
start with, and others where keeping that information (in this case,
the user name) secret is only an inconvenience.  Why not let the
app tell pam which domain it is in?


"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz
 Linux Application Development     http://people.redhat.com/johnsonm/lad/

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []