PAM exec patch to allow PAM_AUTHTOK to be exported.
Dan Lukes
dan at obluda.cz
Sun May 20 18:29:50 UTC 2007
Zane C.B. napsal/wrote, On 05/20/07 19:24:
> My current thoughts are along the lines of passing it through stdin
> currently.
You can select the channel which can be used for information passing ?
It seems you have sources of the program you want to call from pam_exec.
The better way is to add a few function into sources and convert the
standalone binary into regular pam module.
In the fact, the program in question:
1. is not PAM aware, so it can't work with PAM data without source code
change - patch doesn't help
2. is PAM aware, so it shall to be written as regular PAM module - patch
is not required
3. want's to be PAM aware, but it's programmer is too lazy to write it
the clean way (as regular pam module) - we need the patch
The patch shall be rejected because the only purpose of it is to
support lazy programmers creating hacks instead of solutions.
I don't want to start a flame. It's my $0.02. Your's mileage may vary.
Dan
--
Dan Lukes SISAL MFF UK
AKA: dan at obluda.cz, dan at freebsd.cz, dan at (kolej.)mff.cuni.cz
More information about the freebsd-security
mailing list