On Tue, Jul 21, 2009 at 1:53 PM, Thorsten Kukuk<kukuk@xxxxxxx> wrote: > On Tue, Jul 21, Andy wrote: > >> Hi all, >> My pam version is 1.1.0, I use it to authenticate users. >> My case is, when pam finished it's auth, that is after >> pam_authenticate(pamh, o) & pam_acct_mgmt(pamh, 0), >> I want to save a copy of user's password if it's valid, but I can not >> find any API to fulfill my needs. >> I tried pam_get_item(pamh, PAM_AUTHTOK, (const void >> **)©_of_passwd), but it returns a "bad item passed to >> pam_*_item()", now I have no idea. :( > > As written in the documentation, this is not possible. And > as your application does not know in which form the authentication > was done, it doesn't make sense, too. Who says that a password > was used for authentication? The admin could have decided to > use finger prints instead or whatever else. > But now, in PAM, "pam_authenticate(...)" function gives a promt "Password:" to let the user type in a password, we really have no way to get a copy of user's input ? I saw some code in google, something like below: char *pass = NULL; int retval; /* Get the authtok; if we don't have one, silently fail. */ retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass ); if (retval != PAM_SUCCESS) { _log_err( LOG_ALERT , "pam_get_item returned error to pam_sm_authenticate" ); return PAM_AUTHTOK_RECOVER_ERR; } else if (pass == NULL) { return PAM_AUTHTOK_RECOVER_ERR; } I guess this may try to retrieve a copy of authtok(password ??), but now ( version1.1.0 ), PAM_AUTHTOK seems not be supported anymore. Thanks. -Andy _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list