Hi Andrew,
>It sounds ok, although I'm not quite clear on where the chain is stored.
>The cleanup at the end looks fragile depending on where the chain is.
>Does the chain exist in shared memory or something? Or are you referring
>to other modules in the same stack?
The encrypted keychain is stored on disk, but I suspect that
the unlocked keychain is stored in shared memory. I'm really
not sure because all of this is opaque to me (not having
source code to the keychain library).
Anyway, it _kind_ of works, but seems to crash occasionally
in the cleanup function. I'm waiting for someone at Apple
to have a look at it.
FWIW, I got {use,try}_mapped_pass working: because most
of the modules use the pam_get_pass() function, which
FreeBSD added to libpam, it provided a single point at
which to add this functionality so users' authentication
tokens can be retrieved from the keychain. (The Darwin
Linux-PAM port includes the FreeBSD extensions.)
-- Luke
--
Luke Howard | lukeh@padl.com
PADL Software | www.padl.com
