[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [patch] pam_unix_passwd PAM_AUTHTOK stacking bug



On Sun, Aug 04, 2002 at 01:40:19AM -0700, Matt Piotrowski wrote:
> > The stacked module thinks no such thing:  the presence of PAM_AUTHTOK
> > and PAM_OLDAUTHTOK only indicates that the user has /input/ these
> > values, it says nothing at all about whether the password has been
> > changed.  Modules should not in fact presume to know anything at all
> > about other modules in the stack.

> The Linux-PAM Module Writer's Guide states in section 2.1 that 
> PAM_AUTHTOK (during a password change) "contains the currently active 
> authentication token".  This is not true for the situation I described 
> in my previous post.

I fear this is a case of poor wording in the Module Writer's Guide, then.
In pam_sm_chauthtok(), the PAM_AUTHTOK item contains the *proposed* new
authentication token.  It is confusing to refer to it as the "currently
active authentication token", since there are several authentication
tokens that could fit this description while in the process of changing
passwords.

Steve Langasek
postmodern programmer

Attachment: pgp00001.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []