Quoting Nicolas Williams <Nicolas.Williams@ubsw.com>: > And for apps like XDM or loginwinsow where the app prompts for a > username AND a password before callin pam_authenticate, it would be > useful to be able to pam_set_item(PAM_AUTHTOK). > I have such an app. I cannot change it, but it can load library for > handling authentication, so we've made such a library, based on PAM, > that provides the necessary methods to the app. The library does provide > a conversation function and it can prompt the user, but, currently the > user prompted for her password AGAIN after typing it in once in the > original xdm-like login panel. Then you have to reconcile the need for module-driven authentication (PAM) with the need for letting an application provide the authentication token ahead of time. There are PAM modules available that try to mediate the conversation, providing the pre-established authentication token in response to a password prompt.. this is a hack, just as any attempt to support this directly in libpam would also be a hack, but it does the job. It's unfortunate that you don't have access to the source for this app. Whatever it may lack in other areas when compared with xdm, gdm is a stellar example of PAM prompting in a graphical environment. Steve Langasek postmodern programmer
