On Tue, Jul 21, 2009 at 2:56 PM, Thorsten Kukuk<kukuk@xxxxxxx> wrote: > On Tue, Jul 21, Andy wrote: > >> On Tue, Jul 21, 2009 at 1:53 PM, Thorsten Kukuk<kukuk@xxxxxxx> wrote: >> > On Tue, Jul 21, Andy wrote: >> > >> >> Hi all, >> >> My pam version is 1.1.0, I use it to authenticate users. >> >> My case is, when pam finished it's auth, that is after >> >> pam_authenticate(pamh, o) & pam_acct_mgmt(pamh, 0), >> >> I want to save a copy of user's password if it's valid, but I can not >> >> find any API to fulfill my needs. >> >> I tried pam_get_item(pamh, PAM_AUTHTOK, (const void >> >> **)©_of_passwd), but it returns a "bad item passed to >> >> pam_*_item()", now I have no idea. :( >> > >> > As written in the documentation, this is not possible. And >> > as your application does not know in which form the authentication >> > was done, it doesn't make sense, too. Who says that a password >> > was used for authentication? The admin could have decided to >> > use finger prints instead or whatever else. >> > >> >> But now, in PAM, "pam_authenticate(...)" function gives a promt >> "Password:" to let the user type in a password, > > One of the configured PAM modules is asking that, but you can > always replace that module with something different. > >> we really have no way to get a copy of user's input ? > > No, there is not. Read the documentation. > >> I saw some code in google, something like below: > > That's code for a PAM module, not a PAM aware application. > >> I guess this may try to retrieve a copy of authtok(password ??), but >> now ( version1.1.0 ), PAM_AUTHTOK seems not be supported anymore. > > Not anymore, it was never. > > You should really start reading the PAM documenation, especially > the application writer guide. > > Thorsten > Yes, I should spend some time on the doc first. Thanks for your time, really appreciate your reply. -Andy _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
