
Re: Using pam to check a known password.



> 
> Learned PAMsters, I have a problem.  I want to use PAM to check a
> password that is already in the application's possession, but PAM's
> design is making it difficult.

Sure, it does.

> Is there a way to ask PAM: "here's a username and password, do they
> belong together?"
> 
> ...or is my application to assume that when a module asks it to turn off
> character echoing it should send back the plaintext password?

The real problem is in having to use such flawed assumptions with
current PAM modules, not just the extra complexity.

I've implemented a pam_userpass module, as suggested by Andrew
Morgan, that removes the need for such assumptions with the use of
binary prompts.  You can get a draft version of the module at:

	ftp://ftp.openwall.com/pvt/pam_userpass-0.1.tar.gz

Note that binary prompts are specific to Linux-PAM. :-(  This module
also requires a recent version of Linux-PAM to compile, such as 0.72.

I am posting this as a reply to your question; the module itself can
still change and should probably not be used at this stage.

Signed,
Solar Designer
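
The approach the question describes, as an added example (not part of the original post and not code from pam_userpass): a Linux-PAM conversation callback that treats the first echo-off prompt as the password request and refuses any prompt it does not recognise. `known_creds` and `known_conv` are hypothetical names, the one-hidden-prompt limit is a policy chosen for this example, and the `#else` branch only stands in for Linux-PAM's declarations when its development headers are not installed. An application would register the callback through the `struct pam_conv` it passes to `pam_start()`.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdlib.h>
#include <string.h>
#if __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#else  /* stand-ins mirroring Linux-PAM's declarations when the headers are absent */
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_CONV_ERR = 19, PAM_PROMPT_ECHO_OFF = 1,
       PAM_PROMPT_ECHO_ON = 2, PAM_ERROR_MSG = 3, PAM_TEXT_INFO = 4 };
#endif

/* Hypothetical per-transaction state, handed to PAM as appdata_ptr. */
struct known_creds { const char *user, *pass; int hidden_prompts; };

int known_conv(int n, const struct pam_message **msg,
               struct pam_response **resp, void *appdata)
{
    struct known_creds *c = appdata;
    struct pam_response *r;
    int i;

    if (n <= 0 || !c || !(r = calloc((size_t)n, sizeof(*r))))
        return PAM_CONV_ERR;
    for (i = 0; i < n; i++) {
        const char *answer = NULL;
        switch (msg[i]->msg_style) {    /* Linux-PAM passes an array of pointers */
        case PAM_TEXT_INFO:
        case PAM_ERROR_MSG:
            continue;                   /* informational, no reply expected */
        case PAM_PROMPT_ECHO_ON:        /* assumption: this asks for the login name */
            answer = c->user;
            break;
        case PAM_PROMPT_ECHO_OFF:       /* assumption: this asks for the password */
            if (c->hidden_prompts++ == 0)
                answer = c->pass;
            break;                      /* a second hidden prompt gets no password */
        }
        if (!answer || !(r[i].resp = strdup(answer))) {
            while (i-- > 0)
                free(r[i].resp);        /* free(NULL) is harmless */
            free(r);
            return PAM_CONV_ERR;        /* unrecognised or unexpected prompt: refuse */
        }
    }
    *resp = r;                          /* PAM frees the replies */
    return PAM_SUCCESS;
}
```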


