We had a similar issue with the Mac OS X port of Linux-PAM, because of the design of loginwindow. So that we didn't change the behaviour of PAM, we added a PAMAuthenticateWithoutSanitizing() function to the loginwindow plugin which did not destroy the AUTHTOK before dispatch. Of course, this depends on knowledge of private API. -- Luke -- Luke Howard | lukeh@padl.com PADL Software | www.padl.com
