How to save a copy of user's input password?
Andy
hewanxiang at gmail.com
Tue Jul 21 06:22:03 UTC 2009
On Tue, Jul 21, 2009 at 1:53 PM, Thorsten Kukuk<kukuk at suse.de> wrote:
> On Tue, Jul 21, Andy wrote:
>
>> Hi all,
>> My pam version is 1.1.0, I use it to authenticate users.
>> My case is, when pam finished it's auth, that is after
>> pam_authenticate(pamh, o) & pam_acct_mgmt(pamh, 0),
>> I want to save a copy of user's password if it's valid, but I can not
>> find any API to fulfill my needs.
>> I tried pam_get_item(pamh, PAM_AUTHTOK, (const void
>> **)©_of_passwd), but it returns a "bad item passed to
>> pam_*_item()", now I have no idea. :(
>
> As written in the documentation, this is not possible. And
> as your application does not know in which form the authentication
> was done, it doesn't make sense, too. Who says that a password
> was used for authentication? The admin could have decided to
> use finger prints instead or whatever else.
>
But now, in PAM, "pam_authenticate(...)" function gives a promt
"Password:" to let the user type in a password, we really have no way
to get a copy of user's input ?
I saw some code in google, something like below:
char *pass = NULL;
int retval;
/* Get the authtok; if we don't have one, silently fail. */
retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
if (retval != PAM_SUCCESS) {
_log_err( LOG_ALERT
, "pam_get_item returned error to pam_sm_authenticate" );
return PAM_AUTHTOK_RECOVER_ERR;
} else if (pass == NULL) {
return PAM_AUTHTOK_RECOVER_ERR;
}
I guess this may try to retrieve a copy of authtok(password ??), but
now ( version1.1.0 ), PAM_AUTHTOK seems not be supported anymore.
Thanks.
-Andy
More information about the Pam-list
mailing list