[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: stacking semantics with password components ?



Sorry to take so long to say something on this. All that is written on
this is here:

ftp://linux.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_modules-3.html#ss3.5

The idea being that the app calls pam_chauthtok() and libpam runs
through the 'password' stack twice, the first time to do the necessary
prerequisite input and checking and the second time to actually do the
update.

Basically, if the module can't do its thing, it needs to announce the
fact and if possible on the first pass. If it has to fail for the first
time on the second pass, then be sure to document it and the
corresponding return code and let the admin configure the behavior they
want to see.

I hope that helps.

Cheers

Andrew

Manikchand wrote:
> 
> Hi,
> 
> I'm looking for answer & any links/doc. to the following
> 
> 1. How should pam deal with partial failures when changing passwords.
> 2. Do password module need to take any action on partial failures when
> changing password.
> 
> Thanks & Regards,
> Manik
> 
> --
> 
> Manikchand R. Bafna
> HP, 29c Cunnigham Road
> Bangalore-52 ph:2251554 extn:1470
> 
> --
> To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []