[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Old Authtok when changing passwords



Indeed, it's not very pretty to try to save the password from the
conversation function, but it is a workaround, and it is portable.

Just save all the no echo prompts' returns and try each in succession
as the old authtok till pam_chauthtok() succeeds or all of those tokens
fail.

But yes, I too have been mystified by a few silly things in PAM:

 - Why not allow the app to save the authtok? After all it has done the
   prompting, so it oissesse the authtoks, just not in a convenient way

 - Why not allow pam_authenticate() to return PAM_NEWAUTHOTK_REQD? This
   can't be changed backwards compatibly now without also adding a new
   API by which an app may indicate to PAM which version of PAM it
   supports.

Cheers,

Nico


On Tue, Apr 16, 2002 at 03:47:09PM +0200, Thorsten Kukuk wrote:
> On Tue, Apr 16, Nicolas Williams wrote:
> 
> > Are you in control of the conversation function?
> 
> Yes, but this does not help, I don't know if secureRPC or whatever
> is used or not, so I have to parse all strings and compare it with
> a database, which PAM modules uses which string for which query.
> Not something I would call "portable". And you have to modify every
> package, I would like to handle this complete in the PAM module.
> 
>   Thorsten
> 
> -- 
> Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
> SuSE Linux AG        Deutschherrenstr. 15-19       D-90429 Nuernberg
> --------------------------------------------------------------------    
> Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
-- 
-DISCLAIMER: an automatically appended disclaimer may follow. By posting-
-to a public e-mail mailing list I hereby grant permission to distribute-
-and copy this message.-

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []