(I must be going senile - I swear I search my local archive for a mention of this, and now I come to do it again, and there we are...) Yes, I'd characterise that as broken. Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Nicolas Williams [mailto:Nicolas.Williams@ubsw.com] Sent: 15 December 2000 18:53 To: pam-list@redhat.com Subject: Re: Passing password through a PAM-API Look for a previous email from me to the list explaining the problem: pam_authenticate() and friends call _pam_sanitize() before calling the module methods and _pam_sanitize() simply overwrites the PAM_AUTHTOK item (and PAM_OLDAUTHTOK). In other words, handling of the PAM_*AUTHTOK items is broken. Nico
