On Mon, Feb 10, 2003 at 09:06:46PM -0500, Dan Lanz wrote: > I have written a PAM module that is intended to authenticate against a > local database. It's very simple. It calls pam_get_user() to retrieve > the username and then calls pam_get_item() to retrieve the password as > follows: > const char *pass = NULL; > int st = pam_get_item(pamh, PAM_AUTHTOK, (const void **) &pass); > I set up my /etc/pam.d/login file to call my pam module in place of > pam_unix.so and test using telnet with a PAM-aware telnetd. Telnet only > asks for my username, and never asks for the password. So it's no > surprise that when I look at my debug log output, pam_get_user() > succeeds and returns the correct username, but although pam_get_item() > returns a success status, the 'pass' parameter comes back NULL. > Does anyone have any ideas as to why I would not be asked for my > password when I supply my custom module in place of the pam_unix.so > (note that the pam_unix.so module worked fine)? Because PAM modules are responsible for prompting for any authentication information they may need. I recommend you consult the PAM spec or the Linux-PAM Module Writers' Guide for full details. -- Steve Langasek postmodern programmer
Attachment:
pgp00064.pgp
Description: PGP signature
