Steve Langasek schrieb:
> If you have to code both your app and your module to exchange extra
> information, then it's no longer very "pluggable", is it?
Note: only the application passes data to the module, not the other way
round. The module should have the ability to make more granular
authorisation decisions. ("Shall user X be granted to access Port 80 of
Host Y?"). I just want to pass the information, that the requested
"resource" is Port 80 of Host Y.
> When a module needs additional information in order to do its job, it's
> expected that the module will use the conversation function provided
by the
> app in order to request this information from the user in some fashion.
The problem with that is, that most existing applications simply send
the password, when PAM_PROMPT_ECHO_OFF is sent to them. So I would have
to add new messages to the PAM library. I don't think, that's cool.
Thanks so long,
tobi
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
