From: "Christopher J. Ruwe"
Date: Wed, 29 Dec 2010 23:20:30 +0100
Message-ID: <20101229232030.25b2bd5a@dijkstra>
Cc: freebsd-hackers@freebsd.org, freebsd-doc@freebsd.org, freebsd-security@freebsd.org
Subject: setting a random password with PAM API

Hi,

First, I'd like to apologise for my choice of lists to post to ... the question is more PAM-specific than FreeBSD, but the idea comes from BSD, so I hope someone will have an idea or knows where to turn to (and I don't know where else to turn).

I am trying to implement the feature to set a random password like in BSD "pw usermod -W" in the Solaris passwd.

Regrettably, I have not found or perhaps not understood the PAM API documentation on how to _inject a given string_ into the change-auth-token function pam_chauthtok(...), which always jumps into an interactive pw-changing loop.

After I have generated a random string char * randstring, I have tried setting that string using

    retval = pam_set_item(pamh, PAM_AUTHTOK, randstring);

which returns PAM_SUCCESS. The password / authentication token remains unchanged, however.

My second idea, i.e., using pam_sm_chauthtok(...), did not work, either, as I have not understood the arguments to be passed.

Should anybody know how to inject a given/known string into PAM to set a user password, know where to look for documentation regarding that issue or have another idea, I would really appreciate it ... and again my apologies for being more than just slightly off topic.

Kind regards,
-- 
Christopher J. Ruwe
TZ GMT + 1
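
Added example, not part of the original message: the interactive loop described above is driven by the conversation callback the application hands to pam_start(), so one way to supply a known string is a callback that answers the password prompts itself. The struct and macro definitions are stand-ins for <security/pam_appl.h> so the block compiles without PAM installed; fixed_password_conv is a hypothetical name, and the msg[i] indexing assumes the Linux-PAM/OpenPAM array layout, which should be checked against the platform's own man pages.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins mirroring <security/pam_appl.h>; in a real program include the
 * header and delete these. PAM_CONV_ERR's value differs between PAMs. */
#define PAM_SUCCESS         0
#define PAM_CONV_ERR        19
#define PAM_PROMPT_ECHO_OFF 1
#define PAM_PROMPT_ECHO_ON  2
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };

/* Conversation callback (hypothetical name). appdata_ptr carries the
 * pre-generated password. Every echo-off prompt is answered with a copy of
 * it, info/error messages get no reply, and an echo-on prompt fails closed
 * so the secret never goes into a field that is not a password. */
int fixed_password_conv(int num_msg, const struct pam_message **msg,
                        struct pam_response **resp, void *appdata_ptr)
{
    const char *password = appdata_ptr;
    struct pam_response *out;
    int i;

    if (num_msg <= 0 || msg == NULL || resp == NULL || password == NULL)
        return PAM_CONV_ERR;
    out = calloc((size_t)num_msg, sizeof(*out));
    if (out == NULL)
        return PAM_CONV_ERR;

    for (i = 0; i < num_msg; i++) {
        int style = msg[i]->msg_style;

        if (style == PAM_PROMPT_ECHO_OFF) {
            size_t n = strlen(password) + 1;
            out[i].resp = malloc(n);
            if (out[i].resp != NULL)
                memcpy(out[i].resp, password, n);
        }
        if (style == PAM_PROMPT_ECHO_ON ||
            (style == PAM_PROMPT_ECHO_OFF && out[i].resp == NULL)) {
            while (i >= 0)              /* undo partial work on failure */
                free(out[i--].resp);
            free(out);
            return PAM_CONV_ERR;
        }
    }
    *resp = out;    /* the PAM library frees the array and each resp */
    return PAM_SUCCESS;
}
```

With the real header, the callback and the string go into a struct pam_conv (conv = fixed_password_conv, appdata_ptr = randstring) that is passed to pam_start() before pam_chauthtok() is called.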