Hi,
The LSB wrote a test suite for PAM. After looking at the results,
I have some questions about the PAM specification, where I couldn't
find anything:
1. The PAM specefication describes the PAM_MAXTRIES error code, but
not when it should be used. Does a module needs to return PAM_MAXTRIES
at some time?
2. If I call pam_authenticate with a unknown user, should the Module
return PAM_AUTHINFO_UNAVAIL or PAM_USER_UNKNOWN?
As far as I understand the documentation, PAM_AUTHINFO_UNAVAIL should
be returned if there are network or hardware problems, but not if the
user is unknown to the system.
3. Calling pam_chauthtok and the users enters the correct old
password, but aborts on typing the new one, should a PAM module
return PAM_AUTHTOK_RECOVER_ERR (I think this is wrong, since we
got the old token) or PAM_AUTHTOK_ERR?
I would be great if some people could tell me their opinium about
this.
Thanks,
Thorsten
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@xxxxxxx
SuSE Linux AG Deutschherrnstr. 15-19 D-90429 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
