pausing the stack?
Joe Lewis
joe at joe-lewis.com
Wed Jul 7 15:47:34 UTC 2004
Sometimes a second module will prompt for the password, and since the
first one already did, it may not be the module. (One possibility is to
use the try_first_pass in the configuration file and see if the
secondary prompt goes away).
Joe
Jason Gerfen wrote:
> I am running into a problem with a module I have been working on with a
> co-worker... below is short summary of what is occuring and the
> functions it performs;
>
> 1. reads a config file into arguments
> 2. looks at local accounts for current pam_get_user()
> 3. if no local acct. present connects to ldap and looks for user
> 4. if user present in ldap the local account gets created so the
> pam_krb5 module can map the ticket to the local account
>
> my problem is this, everything is working but currently you have to
> input your username & password combination twice due to the account
> creation process. I have tried the following trying to get it working;
>
> 1. tried forking the local account creation
> 2. tried forking the local account home directory setup
> 3. tried forking the ldap search
> 4. tried forking the entire pam_sm_authenticate() functions which
> resulted in everything else showing up in the logs after pam_krb5 ran
>
> I need to know of a way maybe in the configuation of the pam stack to
> require it to pause before moving on to the next pam module in the list...
>
> any help on this would be great, oh yeah i can't use the
> pam_mkhomedir.so because the account and home directory information
> needs to be present *prior* to kerberos and the ticket mapping portion
> of their authentication. =)
>
More information about the Pam-list
mailing list