>>> I can also imagine a pam module that queries user and >>> password with one conversation call and stores it in >>> pam_handle_t. Than tell pam_unix somehow to use this items >>> instead of making new calls. >>> Is this possible? Does this imaginary pam module exist? > >If you follow the recommendations in the pam module programmer's docs, >even this is not clean, as it >handles only the case, where you need exactly one user name and one >(passive) password to be queried. > >A well written module doesn't call the conversation function >itself, but >simply issues a call to pam_get_item(), >which in turn causes libpam to call the conversation function >if necessary. Thanks for your detailed answer. How about a new pam_get_items() function that queries more than one item at a time? This way pam could easily merge user/password conversations when needed. Even the Solaris/Linux difference should not matter in this case. Only problem is that this doesn't work right now. :( Jörg _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
