Re: Using pam to check a known password.

On 11 Apr 2000, Andrew Donkin wrote:

> Learned PAMsters, I have a problem.  I want to use PAM to check a
> password that is already in the application's possession, but PAM's
> design is making it difficult.

Do you have the option of rewriting the application so that it prompts for
passwords directly from the user?

> Is there a way to ask PAM: "here's a username and password, do they
> belong together?"

No, there is not.  The reason for this is multiple PAM modules in the
authentication stack may prompt for *different* passwords.

> wuftp achieves this by having the conversation function return the
> password when it is given what looks like a password prompt.

> ...or is my application to assume that when a module asks it to turn off
> character echoing it should send back the plaintext password?

Unfortunately, this is the method that's been used frequently when modifying
applications that have limiting protocols.  What you get is an application
that works with only some PAM modules, but sometimes, this seems to be
the only way.

What kind of application are you adding PAM support to?

Steve Langasek
postmodern programmer
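
The workaround discussed in this thread, written out as a Linux-PAM conversation function (an added example, not code from either poster or from any application named above). The names `stored_cred` and `stored_password_conv` are hypothetical, and refusing everything except a single echo-off prompt is a choice made for this example so that the stored password is never handed to a module that is asking for something else.

```c
#include <stdlib.h>
#include <string.h>
#if __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#else /* assumption: stand-ins carrying Linux-PAM's values, so this builds without libpam headers */
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
enum { PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON, PAM_ERROR_MSG, PAM_TEXT_INFO };
#endif

/* Hypothetical appdata: the password the application already holds. */
struct stored_cred { const char *password; int answered; };

/* Answers exactly one echo-off prompt per stored_cred with the stored
 * password. Any further echo-off prompt, or any echo-on prompt, is refused. */
int stored_password_conv(int n, const struct pam_message **msg,
                         struct pam_response **resp, void *appdata)
{
    struct stored_cred *cred = appdata;
    if (n <= 0 || !msg || !resp || !cred || !cred->password)
        return PAM_CONV_ERR;
    struct pam_response *out = calloc((size_t)n, sizeof *out);
    if (!out)
        return PAM_BUF_ERR;
    size_t len = strlen(cred->password) + 1;
    int rc = PAM_SUCCESS;
    for (int i = 0; i < n && rc == PAM_SUCCESS; i++) {
        switch (msg[i]->msg_style) {   /* Linux-PAM layout: array of pointers */
        case PAM_PROMPT_ECHO_OFF:
            if (cred->answered++) { rc = PAM_CONV_ERR; break; } /* a second secret is wanted */
            out[i].resp = malloc(len);
            if (out[i].resp) memcpy(out[i].resp, cred->password, len);
            else rc = PAM_BUF_ERR;
            break;
        case PAM_ERROR_MSG:
        case PAM_TEXT_INFO:
            break;                     /* informational, nothing to answer */
        default:
            rc = PAM_CONV_ERR;         /* echo-on or unknown style: not a password prompt */
        }
    }
    if (rc != PAM_SUCCESS) {           /* fail closed: hand nothing back to the module */
        for (int i = 0; i < n; i++) free(out[i].resp);
        free(out);
        return rc;
    }
    *resp = out;                       /* the caller frees the responses */
    return PAM_SUCCESS;
}
```

A stack whose modules ask for two different secrets makes this function return `PAM_CONV_ERR`, which is the "works with only some PAM modules" limitation showing up as an authentication failure instead of a password sent to the wrong prompt.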

