|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Steve Langasek (vorlon
netexpress.net)Date: Mon Feb 19 2001 - 13:24:07 CST
Quoting Nicolas Williams <Nicolas.Williamsubsw.com>:
> And for apps like XDM or loginwinsow where the app prompts for a
> username AND a password before callin pam_authenticate, it would be
> useful to be able to pam_set_item(PAM_AUTHTOK).
> I have such an app. I cannot change it, but it can load library for
> handling authentication, so we've made such a library, based on PAM,
> that provides the necessary methods to the app. The library does provide
> a conversation function and it can prompt the user, but, currently the
> user prompted for her password AGAIN after typing it in once in the
> original xdm-like login panel.
Then you have to reconcile the need for module-driven authentication (PAM) with
the need for letting an application provide the authentication token ahead of
time. There are PAM modules available that try to mediate the conversation,
providing the pre-established authentication token in response to a password
prompt.. this is a hack, just as any attempt to support this directly in libpam
would also be a hack, but it does the job.
It's unfortunate that you don't have access to the source for this app.
Whatever it may lack in other areas when compared with xdm, gdm is a stellar
example of PAM prompting in a graphical environment.
Steve Langasek
postmodern programmer
_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]