Nicolas Williams wrote: > Also, since the docs mention this along with binary prompts, I'd like to > make a comment on binary prompts: it would be nice if the name of the > module issuing a binary prompt and/or an optional token type were > included in the binary prompt. [...] This is basically how the binary prompts are supposed to work. Search for PAM_BPC_SELECT binary prompts in this document. http://www.kernel.org/pub/linux/libs/pam/pre/doc/current-draft.txt > [...] I think PAM binary prompts could be used > as a simple API wrapper around SASL/GSS-API/Kerberos/..., but apps using > PAM this way might need to know the token types so as to, for example, > be able to further format them as needed by the protocol spoken by the > app, or to be able to respond appropriately to prompts whose token type > cannot be used by the app, either because the protocols it speaks don't > specify how to use certain token types, or because the app has > negotiated a network authentication protocol to use with the remote side > and so on... Also, to be truly useful as a simple wrapper around those > complex APIs, PAM would have to provide a way for the app to communicate > with the modules. by app do you mean the client or the server? Cheers Andrew
