On Tue, Jul 21, Andy wrote: > On Tue, Jul 21, 2009 at 1:53 PM, Thorsten Kukuk<kukuk@xxxxxxx> wrote: > > On Tue, Jul 21, Andy wrote: > > > >> Hi all, > >> My pam version is 1.1.0, I use it to authenticate users. > >> My case is, when pam finished it's auth, that is after > >> pam_authenticate(pamh, o) & pam_acct_mgmt(pamh, 0), > >> I want to save a copy of user's password if it's valid, but I can not > >> find any API to fulfill my needs. > >> I tried pam_get_item(pamh, PAM_AUTHTOK, (const void > >> **)©_of_passwd), but it returns a "bad item passed to > >> pam_*_item()", now I have no idea. :( > > > > As written in the documentation, this is not possible. And > > as your application does not know in which form the authentication > > was done, it doesn't make sense, too. Who says that a password > > was used for authentication? The admin could have decided to > > use finger prints instead or whatever else. > > > > But now, in PAM, "pam_authenticate(...)" function gives a promt > "Password:" to let the user type in a password, One of the configured PAM modules is asking that, but you can always replace that module with something different. > we really have no way to get a copy of user's input ? No, there is not. Read the documentation. > I saw some code in google, something like below: That's code for a PAM module, not a PAM aware application. > I guess this may try to retrieve a copy of authtok(password ??), but > now ( version1.1.0 ), PAM_AUTHTOK seems not be supported anymore. Not anymore, it was never. You should really start reading the PAM documenation, especially the application writer guide. Thorsten -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Markus Rex, HRB 16746 (AG Nuernberg) _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
