
Re: Bug in handling of AUTHTOK item



But this is not a bug. This is very much designed behavior.

The whole point of PAM is that the modules drive authentication. Having
the application drive the authentication and then tell PAM what to do is
putting the cart before the horse. Why even bother calling
pam_authenticate()?

There are multiple ways to solve this problem. The most expedient one is
the hack that currently exists - make the conversation function provide
a cached password. A cleaner one involves using Solar Designer's
userpass module.

Cheers

Andrew

Nicolas Williams wrote:
> 
> I think it would be best to fix LinuxPAM here. I'll write a patch.
> 
> Nico
> 
> On Tue, Jan 16, 2001 at 09:56:14AM +1100, Luke Howard wrote:
> >
> > We had a similar issue with the Mac OS X port of Linux-PAM,
> > because of the design of loginwindow.
> >
> > So that we didn't change the behaviour of PAM, we added a
> > PAMAuthenticateWithoutSanitizing() function to the
> > loginwindow plugin which did not destroy the AUTHTOK
> > before dispatch. Of course, this depends on knowledge
> > of private API.
> >
> >
> > -- Luke
> >
> > --
> > Luke Howard | lukeh@padl.com
> > PADL Software | www.padl.com
> >
> >
> >
> > _______________________________________________
> > Pam-list mailing list
> > Pam-list@redhat.com
> > https://listman.redhat.com/mailman/listinfo/pam-list
> --
> 





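The cached-password conversation function mentioned in the message above, as an added example (not code from this thread or from Linux-PAM). `struct cached_cred` and `cached_conv` are hypothetical names, and the fallback declarations exist only so the file builds where the PAM headers are not installed.

```c
#include <stdlib.h>
#include <string.h>
#if defined(__has_include) && __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#else /* fallback mirroring Linux-PAM's declarations, for builds without PAM headers */
#define PAM_SUCCESS 0
#define PAM_BUF_ERR 5
#define PAM_CONV_ERR 19
#define PAM_PROMPT_ECHO_OFF 1
#define PAM_ERROR_MSG 3
#define PAM_TEXT_INFO 4
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
#endif

/* Hypothetical application state, handed to PAM through pam_conv.appdata_ptr. */
struct cached_cred { const char *password; };

/* Conversation callback: answers hidden-input prompts from the cached password. */
int cached_conv(int n, const struct pam_message **msg,
                struct pam_response **resp, void *appdata)
{
    const struct cached_cred *cc = appdata;
    struct pam_response *r;
    int i;
    if (n <= 0 || cc == NULL || cc->password == NULL)
        return PAM_CONV_ERR;
    if ((r = calloc((size_t)n, sizeof(*r))) == NULL)
        return PAM_BUF_ERR;
    for (i = 0; i < n; i++) {
        size_t len = strlen(cc->password) + 1;
        switch (msg[i]->msg_style) {
        case PAM_PROMPT_ECHO_OFF:      /* password prompt: reply with a heap copy */
            if ((r[i].resp = malloc(len)) == NULL)
                goto fail;
            memcpy(r[i].resp, cc->password, len);
            break;
        case PAM_ERROR_MSG:
        case PAM_TEXT_INFO:            /* informational: no reply expected */
            break;
        default:                       /* any other prompt: refuse rather than guess */
            goto fail;
        }
    }
    *resp = r;                         /* the calling module frees r and each resp */
    return PAM_SUCCESS;
fail:
    for (i = 0; i < n; i++)
        free(r[i].resp);
    free(r);
    return PAM_CONV_ERR;
}
```

An application would pass this as `struct pam_conv conv = { cached_conv, &cred };` to `pam_start()`, so the modules still drive the exchange and the application only answers the prompt.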