From: Mark Murray
To: "Andrey A. Chernov"
Cc: des@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: Step5, pam_opie OPIE auth fix for review
Date: Mon, 21 Jan 2002 00:04:41 +0000

> On Sun, Jan 20, 2002 at 23:44:44 +0000, Mark Murray wrote:
>
> > > Yes. And to allow PAM stack to make right decision, pam_opie pass special
> > > information to PAM stack. Look at the patch, pam_opie not breaks from the
> > > stack by yourself, it is /etc/pam* do that using information from
> > > pam_opie.
> >
> > Sure - but you are making specialised use of the return value that
> > assumes that pam_opie will be followed by pam_unix. This violates
> > the PAM spec.
>
> The alternative (yet one) way can be adding Unix (plaintext) password
> checking code directly to pam_opie. It makes pam_opie fully independent of
> other modules and specific position in the /etc/pam.d/* config files and
> allows us to not touch them. If you agree with that way, I'll come with
> the patch.

No. I completely disagree with that method. That is pam_unix's job.

DES's PAM_IGNORE suggestion has a lot of merit.

> About other points stated in your message, my answer depends on what you
> decide for above, because it is unneeded to discuss them, if you agree to
> make pam_opie self-containing.

It must be self-contained, and it must not do stuff that is the job of
other modules. Unix password checking is not pam_opie's job.

M
-- 
o       Mark Murray
\_      FreeBSD Services Limited
O.\_    Warning: this .sig is umop ap!sdn