[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: 2nd Qs: proposed description of new pam_unix



Andrew Morgan wrote:
> 
[PAM_PRELIM_CHECK/PAM_UPDATE]
> This usage is a feature. One can interpret "checking the availability of
> resources" to mean "check if its ok right now for the current applicant
> (PAM_RUSER) to change the user's (PAM_USER) authentication token". If
> you read it this way, then as part of the 'prelim' check it seems
> acceptable to verify that they know the current authtoken (password)
> they are about to replace.
> 
> This is the interpretation we've adopted. The reason we adopted this
> interpretation is that it makes it possible to transparently support a
> plug-in new-password strength checker. If you wait for the 'update'
> cycle to do this preliminary check, its not clear where in the stack you
> can plug the strength checker and have it work.

This was exactly the "problems stacking modules" about that I told
in my first post.

Thanks.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []