Re: Bug in handling of AUTHTOK item

But this is not a bug. This is very much designed behavior.

The whole point of PAM is that the modules drive authentication. Having
the application drive the authentication and then tell PAM what to do is
putting the cart before the horse. Why even bother calling
pam_authenticate()?

There are multiple ways to solve this problem. The most expedient one is
the hack that currently exists - make the conversation function provide
a cached password. A cleaner one involves using Solar Designer's
userpass module.

Cheers

Andrew

Nicolas Williams wrote:
> 
> I think it would be best to fix LinuxPAM here. I'll write a patch.
> 
> Nico
> 
> On Tue, Jan 16, 2001 at 09:56:14AM +1100, Luke Howard wrote:
> >
> > We had a similar issue with the Mac OS X port of Linux-PAM,
> > because of the design of loginwindow.
> >
> > So that we didn't change the behaviour of PAM, we added a
> > PAMAuthenticateWithoutSanitizing() function to the
> > loginwindow plugin which did not destroy the AUTHTOK
> > before dispatch. Of course, this depends on knowledge
> > of private API.
> >
> >
> > -- Luke
> >
> > --
> > Luke Howard | lukeh@padl.com
> > PADL Software | www.padl.com
> >
> >
> >
> > _______________________________________________
> > 
> > Pam-list@redhat.com
> > https://listman.redhat.com/mailman/listinfo/pam-list
> --
> 
> _______________________________________________
> 
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
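
The "hack" Andrew mentions, a conversation function that answers the modules' password prompt with a password the application already holds, looks roughly like this in C. This is an added example, not code from the thread or from Linux-PAM: `cached_conv`, `struct cached_cred` and `free_replies` are hypothetical names, and the stand-in definitions are only used when the libpam headers are not installed.

```c
/* Added example: PAM conversation callback that replies from a cached password. */
#include <stdlib.h>
#include <string.h>
#if defined(__has_include)
# if __has_include(<security/pam_appl.h>)
#  include <security/pam_appl.h>
#  define HAVE_PAM_APPL_H 1
# endif
#endif
#ifndef HAVE_PAM_APPL_H /* stand-ins with Linux-PAM values, used only if the header is absent */
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19, PAM_PROMPT_ECHO_OFF = 1,
       PAM_PROMPT_ECHO_ON = 2, PAM_ERROR_MSG = 3, PAM_TEXT_INFO = 4 };
#endif
struct cached_cred { const char *password; }; /* hypothetical; passed as appdata_ptr */

static void free_replies(struct pam_response *r, int n)
{
    for (int i = 0; i < n; i++) /* best-effort wipe before releasing each reply */
        if (r[i].resp) { memset(r[i].resp, 0, strlen(r[i].resp)); free(r[i].resp); }
    free(r);
}

int cached_conv(int num_msg, const struct pam_message **msg,
                struct pam_response **resp, void *appdata_ptr)
{
    const struct cached_cred *cred = appdata_ptr;
    if (num_msg <= 0 || !msg || !resp || !cred || !cred->password)
        return PAM_CONV_ERR;
    struct pam_response *r = calloc((size_t)num_msg, sizeof *r);
    if (!r) return PAM_BUF_ERR;
    for (int i = 0; i < num_msg; i++) {
        size_t len = strlen(cred->password) + 1;
        switch (msg[i]->msg_style) {
        case PAM_PROMPT_ECHO_OFF: /* hidden prompt: reply with a copy that PAM will free */
            if (!(r[i].resp = malloc(len))) { free_replies(r, num_msg); return PAM_BUF_ERR; }
            memcpy(r[i].resp, cred->password, len);
            break;
        case PAM_TEXT_INFO: case PAM_ERROR_MSG: /* informational: nothing to answer */
            break;
        default: /* echo-on or unknown prompt: fail rather than put the password in it */
            free_replies(r, num_msg);
            return PAM_CONV_ERR;
        }
    }
    *resp = r;
    return PAM_SUCCESS;
}
```

The application passes this to `pam_start()` in a `struct pam_conv` whose `conv` member is `cached_conv` and whose `appdata_ptr` points at the `struct cached_cred`; the modules still drive the exchange and simply receive the cached value when they prompt.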




