Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 21 Jan 2002 00:04:41 +0000
From:      Mark Murray <mark@grondar.za>
To:        "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc:        des@FreeBSD.ORG, current@FreeBSD.ORG
Subject:   Re: Step5, pam_opie OPIE auth fix for review 
Message-ID:  <200201210004.g0L04ft34900@grimreaper.grondar.org>
In-Reply-To: <20020120235647.GA27206@nagual.pp.ru> ; from "Andrey A. Chernov" <ache@nagual.pp.ru>  "Mon, 21 Jan 2002 02:56:48 %2B0300."
References:  <20020120235647.GA27206@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
> On Sun, Jan 20, 2002 at 23:44:44 +0000, Mark Murray wrote:
> 
> > > Yes. And to allow PAM stack to make right decision, pam_opie pass special
> > > information to PAM stack. Look at the patch, pam_opie not breaks from the
> > > stack by yourself, it is /etc/pam* do that using information from
> > > pam_opie.
> > 
> > Sure - but you are making specialised use of the return value that
> > assumes that pam_opie will be followed by pam_unix. This violates
> > the PAM spec.
> 
> The alternative (yet one) way can be adding Unix (plaintext) password
> checking code directly to pam_opie. It makes pam_opie fully independent of
> other modules and specific position in the /etc/pam.d/* config files and
> allows us to not touch them. If you agree with that way, I'll come with
> the patch.

No. I completely disagree with that method. that is pam_unix's job.

DES's PAM_IGNORE suggestion has a lot of merit.

> About other points stated in your message, my answer depends on what you
> deside for above, because it is unneded to discuss them, if you agree to
> make pam_opie self-containing.

It must be self-contained, and it must not do stuff that is the job
of other modules. Unix password checking is not pam_opie's job.

M
-- 
o       Mark Murray
\_      FreeBSD Services Limited
O.\_    Warning: this .sig is umop ap!sdn

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201210004.g0L04ft34900>