Hello everybody,

I need help. We are trying to make a new SASL mechanism to enable LDAP authentication via a third-party password-validation tool. User authentication is routed to the tool, which might ask the client for a new password to be keyed in. We succeeded in handling the whole conversation, though in an unseemly fashion, for the new password is echoed (which, of course, is not welcome by the customer).

Our 3 main keys have been:

1) enabling SSH interaction with ChallengeResponseAuthentication=yes in sshd_config
2) enabling PAM_LDAP via etc/pam.d/system-auth
3) enabling the pam_conv routine by the following mechanism code:

    echo_result = _plug_challenge_prompt(params->utils,
                                         SASL_CB_ECHOPROMPT,
                                         NULL,
                                         promptText,
                                         (const char **)&text->echoresponse,
                                         prompt_need);
    if ((echo_result != SASL_OK) && (echo_result != SASL_INTERACT))
        return echo_result;

    /* free prompts we got */
    if (prompt_need && *prompt_need) {
        params->utils->free(*prompt_need);
        *prompt_need = NULL;
    }

    /* if there are prompts not filled in */
    if (echo_result == SASL_INTERACT) {
        /* make the prompt list */
        result = _plug_make_prompts(params->utils,
                                    prompt_need,
                                    NULL, NULL,
                                    NULL, NULL,
                                    NULL, NULL,
                                    NULL,
                                    promptText, NULL,
                                    NULL, NULL, NULL);
        if (result != SASL_OK)
            return result;

        return SASL_INTERACT;
    }

    /* the application provided us with a new password so use it */
    if (text->echoresponse) {
        *clientout = text->echoresponse;
        *clientoutlen = strlen(text->echoresponse);
    }

Now what we expected was just to turn SASL_CB_ECHOPROMPT to SASL_CB_NOECHOPROMPT to reach our goal. The result is that the pam_conv routine returns an empty response to SASL and the mech_client_step function keeps being called (looping) by the glue code. In human terms, the client keeps giving his new password, and still in clear (echo-prompted).

Do you have any idea what I'm missing? Is there any reference available about the chalprompt_cb function and its parameters used by _plug_challenge_prompt? We also tried with _plug_get_password without any outcome.

Any help would be appreciated.

Many many thanks,
Francesco Grossi