That's almost trivial, I don't want to make Linux-PAM modules
to be linux-specific also. We already have incompatibility
(with ourseves) having PAM_SET_DELAY in some versions and not
having it on earlier versions.
With respect of pam_log routines, modules should have lines
like this
#ifndef HAVE_PAM_LOG
static int pam_log(args of pam_log proposed) {
do all the work here
}
#endif
somewhere, and use the pam_log() as like it have/supported
in pam. This way, _source_ compatibility is not an issue
(binary is another story).
David Lee wrote:
>
> On Fri, 1 Sep 2000, Nikolay Pelov wrote:
>
> > PAM already supports setting two user-defined callback functions:
> > conversation function and fail-delay function. And there is a
> > standard convention how to set and retreive them:
> >
> > pam_(set|get)_item(pamh, PAM_CONV, conv_func);
> > pam_(set|get)_item(pamh, PAM_FAIL_DELAY, fail_delay_func);
> >
> > So, I think we should stick with this principle and use
> >
> > pam_set_item(pamh, PAM_LOG_CALLBACK, newcb);
> > pam_get_item(pamh, PAM_LOG_CALLBACK, &newcb);
> >
> > instead of introducting new function which does exatcly the same like:
> >
> > > pam_log_callback_t *pam_set_log_callback(pam_handle_t *pamh,
> > > pam_log_callback_t *newcb);
>
> Nice idea. BUT...
>
> One of the main efforts underway at present is to ensure that "Linux-PAM"
> is portable to other operating systems, not just Linux. (Example: be able
> to take a Linux-PAM module and put it into a Solaris system.) And I
> understand that Andrew Morgan is keen that (so called) "Linux-PAM" be
> made, and kept, portable and ultimately regarded, if possible, as
> "Open-PAM".
>
> Are we sure that every current and future PAM implementation from every
> commercial OS vendor will accept use of arbitrary new "item types", such
> as the proposed "PAM_LOG_CALLBACK"? Is it not quite probable that some
> PAM framework on some vendor's OS will internally implement
> "pam_(set|get)_item()" as:
>
> pam_(set|get)_item(..., int item_type, ...)
> {
> switch (item_type) {
> case PAM_AUTHTOK: /* known to this vendor */
> [... ]
> break;
>
> [... similarly for other known item_type ...]
>
> default: /* unknown to this vendor */
> [... complain bitterly and fail ...]
> }
> }
>
> So just a note of caution, not to paint ourselves further into a
> "Linux-only" corner, when this product deserves wider use.
>
> --
>
> : David Lee I.T. Service :
> : Systems Programmer Computer Centre :
> : University of Durham :
> : http://www.dur.ac.uk/~dcl0tdl South Road :
> : Durham :
> : Phone: +44 191 374 2882 U.K. :
>
> _______________________________________________
>
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
