[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Setting password non-interactively with PAM

From: Nicolas François <nekral lists gmail com>
To: pam-list redhat com
Cc: pkg-shadow-devel lists alioth debian org
Subject: Setting password non-interactively with PAM
Date: Sat, 14 Jun 2008 23:43:35 +0200

Hello,

When configured with PAM support, passwd from shadow-utils uses PAM to set
the password.

The newusers and chpasswd utilities are non-interactive tools to
create users or change users' passwords by batch.

I would like to use PAM also to set the passwords with these tools. So
that the passwords creation policy can be configured in a single place.

To do this, I implemented a non-interactive PAM conversation function.
Is this something insane or does it sounds good from a PAM point of view?

Also, what do you think should be the behavior of this conversation
function for PAM_PROMPT_ECHO_ON requests?
For PAM_ERROR_MSG and PAM_TEXT_INFO requests, I decided to just print the
message to stderr or stdout and return a NULL response.
For PAM_PROMPT_ECHO_ON requests, I currently decided to make the
conversation function fail and warn that modules requesting echoing are
not supported.

Best Regards,
-- 
Nekral

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]