[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Bug in handling of AUTHTOK item



OK, the part below seems quite reasonable

http://sourceforge.net/bugs/?func=detailbug&bug_id=129027&group_id=6663

Cheers

Andrew

Nicolas Williams wrote:
> Also, the comments in the source indicate that the reason for the
> current handling of the PAM_*AUTHTOK items is that the XSSO spec says
> that the application shouldn't have access to them. That's one thing,
> but to not preserve the tokens across PAM calls is another.
> 
> I think a change could be made such that pam_get_item() uses a flag in
> the pam_handle to determine wether it's being called by the application
> or by a module and acct accordingly. This flag would be set/unset when
> entering/exiting the pam_authenticate(), pam_acct_mgmt(), pam_setcred(),
> pam_open_session(), pam_close_session(), pam_chauthtok() and the
> converse support function.
> 
> Thus preserving the spec semantics.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []