[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Missing prompt item in PAM



Michael K. Johnson wrote:
> If you'd rather have a more general hint that says "Expose user
> name data while requesting authentication information", that's
> fine with me.  Would that make sense to you?

I guess I missed this one. Sorry.

Do you mean a hook to say 'hey module, its ok to be explicit about who
the authentication info is for'? If you do, then isn't this really what
module arguments are for?

> My more recent suggestion would handle that just fine.

> There some application domains where you want to hide as much
> information as possible to limit the information a cracker has to
> start with, and others where keeping that information (in this case,
> the user name) secret is only an inconvenience.  Why not let the
> app tell pam which domain it is in?

Why not let the admin decide with a suitable /etc/pam.d/'app' file?

Cheers

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []