Date: Wed, 10 Dec 2003 17:04:17 -1000 From: Clifton Royston <cliftonr@tikitechnologies.com> To: hackers@freebsd.org Subject: Disillusioned with PAM Message-ID: <20031210170417.B21993@tikitechnologies.com>
next in thread | raw e-mail | index | archive | help
Is Kerberos 5 the only non-dummy PAM implementation of the pam_sm_chauthtok method (password changing/management)? I've been looking (and grepping) through the source of the PAM modules in 4.8 and 4.9, to check how I should interface to a chauthtok method. Not just the ones built and installed on the system, from /usr/src/lib/libpam, but the whole Linux PAM directory in /usr/src/contrib/libpam. Can it really be that pam_krb5 is the *only* PAM module supplied which implements a working password change function? I see three dummy versions (tacacs+ and the contrib pam_permit and pam_warn) and that seems to be it. /usr/bin/passwd will be a real pain to use for a Web GUI as it requires a pty, which means extensive "coding around it" to fake one up for it a la poppassd. I thought PAM was going to solve this for me, because of the "password management" function designed in... only it appears so far that no PAM method which implements local password changing actually exists on FreeBSD. What a mess. (Yeah, I know, I know - stop grumbling, code one, and contribute it.) -- Clifton -- Clifton Royston -- cliftonr@tikitechnologies.com Tiki Technologies Lead Programmer/Software Architect Did you ever fly a kite in bed? Did you ever walk with ten cats on your head? Did you ever milk this kind of cow? Well we can do it. We know how. If you never did, you should. These things are fun, and fun is good. -- Dr. Seuss
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031210170417.B21993>