Re: Bug in handling of AUTHTOK item

OK, the part below seems quite reasonable.

Nicolas Williams wrote:
> Also, the comments in the source indicate that the reason for the
> current handling of the PAM_*AUTHTOK items is that the XSSO spec says
> that the application shouldn't have access to them. That's one thing,
> but to not preserve the tokens across PAM calls is another.
> I think a change could be made such that pam_get_item() uses a flag in
> the pam_handle to determine whether it's being called by the application
> or by a module and act accordingly. This flag would be set/unset when
> entering/exiting the pam_authenticate(), pam_acct_mgmt(), pam_setcred(),
> pam_open_session(), pam_close_session(), pam_chauthtok() and the
> converse support function.
> Thus preserving the spec semantics.
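
A sketch of the flag mechanism proposed in the quoted text, added here as an example; it is not part of either message and not code from any PAM implementation. All `toy_*` names, the constants and the sample modules are hypothetical, and the conversation callback is not modelled.

```c
#include <stddef.h>

/* Hypothetical model of the proposal; not a real PAM library's types. */
enum { TOY_SUCCESS = 0, TOY_BAD_ITEM = 1 };
enum { TOY_SERVICE = 1, TOY_AUTHTOK = 2, TOY_OLDAUTHTOK = 3 };
enum { FROM_APP = 0, FROM_MODULE = 1 };

struct toy_handle {
    int caller;             /* the flag proposed in the message */
    const char *service;
    const char *authtok;    /* preserved across calls, never cleared on exit */
    const char *oldauthtok;
};
typedef int (*toy_module_fn)(struct toy_handle *h);

/* Item lookup: token items are refused unless a module is running. */
int toy_get_item(const struct toy_handle *h, int item, const char **out)
{
    *out = NULL;
    switch (item) {
    case TOY_SERVICE:
        *out = h->service;
        return TOY_SUCCESS;
    case TOY_AUTHTOK:
    case TOY_OLDAUTHTOK:
        if (h->caller != FROM_MODULE)
            return TOY_BAD_ITEM;   /* application caller: hide the token */
        *out = (item == TOY_AUTHTOK) ? h->authtok : h->oldauthtok;
        return TOY_SUCCESS;
    default:
        return TOY_BAD_ITEM;
    }
}

/* Stand-in for each entry point that runs the module stack. */
int toy_dispatch(struct toy_handle *h, toy_module_fn fn)
{
    int saved = h->caller;  /* restore on exit so nested entry stays correct */
    h->caller = FROM_MODULE;
    int rc = fn(h);
    h->caller = saved;
    return rc;
}

/* Constructed sample modules: one stores a token, a later call reads it. */
static const char *seen;
int mod_store(struct toy_handle *h) { h->authtok = "constructed-secret"; return TOY_SUCCESS; }
int mod_read(struct toy_handle *h) { return toy_get_item(h, TOY_AUTHTOK, &seen); }
```

The token stays in the handle between the two dispatches, so a later module can read it, while the same lookup made outside a dispatch is refused.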

