RedHat 7.2 pam_unix.so and PAM_AUTHTOK?


 



On Wed, 2002-07-31 at 03:26, jkung@us.ibm.com wrote:
> 
> Hi,
> 
> From what I have been able to observe on RedHat 7.2, the pam_unix.so
> password module clears the PAM_AUTHTOK and PAM_OLDAUTHTOK
> tokens so the next stacked password module can not call pam_get_item
> for the data. Is there an argument that can be passed to the pam_unix.so
> password module that will tell it to not clear the tokens?  I want to write
> a pam module that can be called after pam_unix.so, and I want to use
> the passwords that were previously entered by the user.  If I missed some
> documentation or a previous thread on this, I apologize and would
> appreciate a pointer to the info.

Use the argument 'use_first_pass' for your module.

e.g.:

password required pam_unix.so <arguments>
password required my_module use_first_pass <other arguments>


try_first_pass should work too.


See also:
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-4.html#ss4.3
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_modules-4.html


Also check that this is NOT set:

"The not_set_pass argument is used to inform the module that it is not
to pay attention to/make available the old or new passwords from/to
other (stacked) password modules."

That's from
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.26


Failing that, set debug and poke around in the source to see what it's
doing wrong.




Jenn V.
-- 
    "Do you ever wonder if there's a whole section of geek culture 
        	you miss out on by being a geek?" - Dancer.

jenn@anthill.echidna.id.au     http://anthill.echidna.id.au/~jenn/
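
The configuration checks suggested in the reply above, as an added example that is not part of the original post and is not Linux-PAM code: a small linter for the `password` stack of a pam.d-style file. The sample file contents, the function names and the module name `my_module` (borrowed from the reply's example line) are assumptions for illustration.

```python
import re

# Constructed sample of a pam.d service file (not taken from the post).
SAMPLE = """\
#%PAM-1.0
auth     required pam_unix.so
password required pam_unix.so nullok not_set_pass
password required my_module debug
"""

PASS_OPTS = {"use_first_pass", "try_first_pass"}

def parse_password_stack(text):
    """Return [(module, [args])] for the 'password' lines of a pam.d file."""
    stack = []
    # Join backslash-continued lines, then drop comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # The control field is a keyword or a bracketed [value=action ...] list.
        m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if m and m.group(1).lstrip("-") == "password":
            stack.append((m.group(3), m.group(4).split()))
    return stack

def check_token_passing(text, consumer):
    """Report settings that keep `consumer` from reusing pam_unix's tokens."""
    stack = parse_password_stack(text)
    names = [mod.rsplit("/", 1)[-1] for mod, _ in stack]
    if "pam_unix.so" not in names:
        return ["pam_unix.so is not in the password stack"]
    if consumer not in names:
        return [f"{consumer} is not in the password stack"]
    unix_i, cons_i = names.index("pam_unix.so"), names.index(consumer)
    problems = []
    if cons_i < unix_i:
        problems.append(f"{consumer} is stacked before pam_unix.so")
    if "not_set_pass" in stack[unix_i][1]:
        problems.append("pam_unix.so has not_set_pass set")
    if not PASS_OPTS & set(stack[cons_i][1]):
        problems.append(f"{consumer} lacks use_first_pass/try_first_pass")
    return problems

if __name__ == "__main__":
    for p in check_token_passing(SAMPLE, "my_module"):
        print("WARN:", p)
```

A clean result only means the stack is configured as the reply suggests; whether the second module actually reads the tokens still depends on its own handling of those arguments.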





