On Thu, 2005-05-05 at 17:00, pam-list-request@xxxxxxxxxx wrote: <snip> > What I'd like to do now is to chain pam_krb5 after pam_radius so the ticket > cache is primed. This will result in a double authentication against the > kerberos server but I'm cool with that. The problem is that the authentication > token XXXXXXYYYY isn't useful for pam_krb5; I only want the YYYY password. > > Is there a standard way to modify the authentication token inside PAM? Perhaps a > pam_modify_authtok module? > > Or am I approaching this problem the wrong way? My solution to this would be to write a custom PAM module that calls get_item on PAM_AUTHTOK, copies YYYY to a new buffer and the calls set_item. Should be a pretty quick hack and from what I can see it /should/ work. HTH Cheers, - Martin -- Martin inkubus@xxxxxxxxxxxxxxxx "Seasons change, things come to pass" _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
