[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: use_authtok -- what purpose?



Michael Tokarev wrote:
> 
> Hello!
> 
> I'm now in process of writing a module that, like pam_cracklib, checks
> user's password for "goodness" (actually, I want to fix many small bugs
> in pam_cracklib -- and make it available, ofcource).  And I found (a sort of)
> bug in pam_cracklib in usage of use_authtok parameter.  And here is question:
> what we should do if:
>   use_authtok is set to yes
>   but pam_get_item(PAM_AUTHTOK) returns error or empty (or NULL) password ?
> 
> I see two choices, namely, just return error (PAM_AUTHTOK_RECOVER_ERR?), or,
> alternatively, ask user as if use_authtok was not set.  What should be done?

http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_modules-4.html

Cheers

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []