[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: FTP (Re: Source code for Pam'd applications)

From: Alan DeKok <alan cryptocard com>
To: pam-list redhat com
Subject: Re: FTP (Re: Source code for Pam'd applications)
Date: Thu, 04 Feb 1999 16:41:46 -0500

> I'll document the behaviour and everything will be ok? :)

  It would help.  But I don't have the time or inclination to read the
docs on every application to see if it *really* does PAM, as opposed
to just faking it.

> Blackholing info messages is probably a suboptimal idea. There is an
> alternative solution: one could save them to a buffer and print them out
> together with the final result (hoping the clients are able to eat
> multiline responses). Another approach would be to use PAM_SILENT.

  But (at some level) PAM supports conversations like:

Username:
Password:
Mothers maiden name:
Favorite color:

  Dropping the info messages AFTER the authentication mechanism
doesn't help.  The messages are in a particular order for a reason.

  It would be preferable under the current system to return
PAM_PERM_DENIED, instead of pretending to do what the module asked
you to do.

  Alan DeKok.

Follow-Ups:
- Re: FTP (Re: Source code for Pam'd applications)
  - From: Pavel Kankovsky <peak@kerberos.troja.mff.cuni.cz>

References:
- FTP (Re: Source code for Pam'd applications)
  - From: Pavel Kankovsky <peak@kerberos.troja.mff.cuni.cz>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []