[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam_password.c question



Hi--

I have a question about the following lines in pam_password.c:

int pam_chauthtok(pam_handle_t *pamh, int flags)
{
   [...]

    /* first loop through to check if there will be a problem */

    if ((retval = _pam_dispatch(pamh, flags|PAM_PRELIM_CHECK
				, PAM_CHAUTHTOK)) == PAM_SUCCESS) {
	retval = _pam_dispatch(pamh, flags|PAM_UPDATE_AUTHTOK
			       , PAM_CHAUTHTOK);
    }
    [...]

    return retval;
}

I am wondering why it is necessary to call _pam_dispatch twice?  Is
this part of the specification?  

I am surprised that this double calling is enforced by the framework,
when some/many modules do not need a separate pass for preliminary
checks.  

I am tempted to omit the preliminary check in my port of the
framework, but would like to understand the implications before doing
so.

Thank you.

--kt (ktb@sgi.com)



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []