Date: Sun, 20 May 2007 20:29:47 +0200
From: Dan Lukes <dan@obluda.cz>
To: freebsd security <freebsd-security@freebsd.org>
Subject: Re: PAM exec patch to allow PAM_AUTHTOK to be exported.
Message-ID: <4650939B.6020004@obluda.cz>
In-Reply-To: <20070520132410.58989605@vixen42>
References: <20070519130533.722e8b57@vixen42> <86bqgfh4w0.fsf@dwp.des.no> <20070520120142.39e86eae@vixen42> <86tzu7ifp2.fsf@dwp.des.no> <20070520132410.58989605@vixen42>

Zane C.B. napsal/wrote, On 05/20/07 19:24:
> My current thoughts are along the lines of passing it through stdin
> currently.

You can select the channel which can be used for information passing?

It seems you have the sources of the program you want to call from
pam_exec. The better way is to add a few functions to the sources and
convert the standalone binary into a regular PAM module.

In fact, the program in question:

1. is not PAM aware, so it can't work with PAM data without a source
   code change - the patch doesn't help

2. is PAM aware, so it shall be written as a regular PAM module - the
   patch is not required

3. wants to be PAM aware, but its programmer is too lazy to write it
   the clean way (as a regular PAM module) - we need the patch

The patch shall be rejected because the only purpose of it is to
support lazy programmers creating hacks instead of solutions.

I don't want to start a flame. It's my $0.02. Your mileage may vary.

Dan

--
Dan Lukes                                   SISAL MFF UK
AKA: dan at obluda.cz, dan at freebsd.cz, dan at (kolej.)mff.cuni.cz