Re: using pam_sm_auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


this is the function I have redefine for get the user and password from the user in
the Gnome Windows login

#define PAM_SM_AUTH

#include <security/pam_modules.h>
#include <security/pam_appl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <pwd.h>
#include <syslog.h>

PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const
char  ** argv)
    const char * userName = NULL;	//var to get the user name
    char * userPasswd;       	               //var to get the user password
    //others var
    int pam_err, retry;

   //geting the users name, this work fine
    if (pam_get_user(pamh, &userName, NULL) != PAM_SUCCESS)
	syslog(LOG_ERR, "cannot determine user name");

    if ( pam_get_item(pamh, PAM_AUTHTOK, (const void **)&userPasswd) != PAM_SUCCESS)
	syslog(LOG_ERR, "Error al extra el pass del usuario");

    return PAM_SUCCESS;

this is the main instruction of my function, the part where I get the user name and
de password, getting the user name work fine, but I can't obtain his password.
This is a service module for PAM, not for and app.

I need obtain all this data when the user get login on Gnome, having this data I
authenticate those values against my database and them I set knew credentials with
pam_set_item, but this last part doesn't matter because the first part doesn't work

If I call pam_get_authtok() function all work ok, I get the password fine, but I
have to put the password twice, one for the function pam_get_authtok() and other for
the system I guess, the same thing happened when I use the conversation function.

Then my problem now are two, one how can I get the user password without use
pam_get_authtok or the conversation function? , and if I have to use one of those,
how can avoid the second authentication in the Gnome window login.

please if someone knows about this I need help.

> On Thu, 2011-10-06 at 00:16 -0400, leonel06013@xxxxxxxxxxxxxxxx wrote:
>> Hi:
>> I'm createing a pam_sm_authenticate module for the gnome login windows, in this I
>> need the userName and the password, I need to validate this information against a
>> database, I have already obtained the username, and use pam_get_item(pamh,
>> PAM_AUTHTOK, (const void **) pass);  to obtain the pass, where pass is a (char *),
>> everything works fine, but when the user logs on, the variable pass is NULL, and I
>> can not get the pass that the user put in the gnome login windows.
>> How can I get the password of a user usign pam_get_item, using the item_type
>> (PAM_AUTHTOK), can somebody give an example.
> If the module is supposed to be used only with Linux-PAM you can use
> pam_get_authtok() extension function from it to get the password.
> Otherwise you have to copy the code that calls conversation functions to
> obtain the password.
> --
> Tomas Mraz
> No matter how far down the wrong road you've gone, turn back.
>                                               Turkish proverb
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux