Indeed, it's not very pretty to try to save the password from the conversation function, but it is a workaround, and it is portable. Just save all the no echo prompts' returns and try each in succession as the old authtok till pam_chauthtok() succeeds or all of those tokens fail. But yes, I too have been mystified by a few silly things in PAM: - Why not allow the app to save the authtok? After all it has done the prompting, so it oissesse the authtoks, just not in a convenient way - Why not allow pam_authenticate() to return PAM_NEWAUTHOTK_REQD? This can't be changed backwards compatibly now without also adding a new API by which an app may indicate to PAM which version of PAM it supports. Cheers, Nico On Tue, Apr 16, 2002 at 03:47:09PM +0200, Thorsten Kukuk wrote: > On Tue, Apr 16, Nicolas Williams wrote: > > > Are you in control of the conversation function? > > Yes, but this does not help, I don't know if secureRPC or whatever > is used or not, so I have to parse all strings and compare it with > a database, which PAM modules uses which string for which query. > Not something I would call "portable". And you have to modify every > package, I would like to handle this complete in the PAM module. > > Thorsten > > -- > Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de > SuSE Linux AG Deutschherrenstr. 15-19 D-90429 Nuernberg > -------------------------------------------------------------------- > Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B > > > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list -- -DISCLAIMER: an automatically appended disclaimer may follow. By posting- -to a public e-mail mailing list I hereby grant permission to distribute- -and copy this message.- Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.
