Conversation function with both user and password prompt
Richter, Jörg
Joerg.Richter at pdv-FS.de
Wed Sep 26 08:58:40 UTC 2007
>>> I can also imagine a pam module that queries user and
>>> password with one conversation call and stores it in
>>> pam_handle_t. Than tell pam_unix somehow to use this items
>>> instead of making new calls.
>>> Is this possible? Does this imaginary pam module exist?
>
>If you follow the recommendations in the pam module programmer's docs,
>even this is not clean, as it
>handles only the case, where you need exactly one user name and one
>(passive) password to be queried.
>
>A well written module doesn't call the conversation function
>itself, but
>simply issues a call to pam_get_item(),
>which in turn causes libpam to call the conversation function
>if necessary.
Thanks for your detailed answer.
How about a new pam_get_items() function that queries more than one item at a time?
This way pam could easily merge user/password conversations when needed. Even the Solaris/Linux difference should not matter in this case.
Only problem is that this doesn't work right now. :(
Jörg
More information about the Pam-list
mailing list