Sorry to jump in, but yes, it's possible. But you'd have to write your own module and I don't think you'll get much help here because well, there's no 'white hat' reason to capture the password.
Note: Password could be a character string, or a converted biometric pattern, or anything.
Why don't you explain why you want to capture the password? Perhaps there's a better way to achieve what you want?
> Date: Tue, 21 Jul 2009 08:56:21 +0200
> From: kukuk suse de
> To: pam-list redhat com
> Subject: Re: How to save a copy of user's input password?
> On Tue, Jul 21, Andy wrote:
> > On Tue, Jul 21, 2009 at 1:53 PM, Thorsten Kukuk<kukuk suse de> wrote:
> > > On Tue, Jul 21, Andy wrote:
> > >
> > >> Hi all,
> > >> My pam version is 1.1.0, I use it to authenticate users.
> > >> My case is, when pam finished its auth, that is after
> > >> pam_authenticate(pamh, 0) & pam_acct_mgmt(pamh, 0),
> > >> I want to save a copy of user's password if it's valid, but I can not
> > >> find any API to fulfill my needs.
> > >> I tried pam_get_item(pamh, PAM_AUTHTOK, (const void
> > >> **)&copy_of_passwd), but it returns a "bad item passed to
> > >> pam_*_item()", now I have no idea. :(
> > >
> > > As written in the documentation, this is not possible. And
> > > as your application does not know in which form the authentication
> > > was done, it doesn't make sense, too. Who says that a password
> > > was used for authentication? The admin could have decided to
> > > use fingerprints instead or whatever else.
> > >
> > But now, in PAM, "pam_authenticate(...)" function gives a prompt
> > "Password:" to let the user type in a password,
> One of the configured PAM modules is asking that, but you can
> always replace that module with something different.
> > we really have no way to get a copy of user's input ?
> No, there is not. Read the documentation.
> > I saw some code in google, something like below:
> That's code for a PAM module, not a PAM aware application.
> > I guess this may try to retrieve a copy of authtok(password ??), but
> > now ( version1.1.0 ), PAM_AUTHTOK seems not to be supported anymore.
> Not anymore, it was never.
> You should really start reading the PAM documentation, especially
> the application writer guide.
> Thorsten Kukuk, Project Manager/Release Manager SLES
> SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
> GF: Markus Rex, HRB 16746 (AG Nuernberg)
> Pam-list mailing list
> Pam-list redhat com