Date: Wed, 10 Dec 2003 17:04:17 -1000 From: Clifton Royston <cliftonr@tikitechnologies.com> To: hackers@freebsd.org Subject: Disillusioned with PAM Message-ID: <20031210170417.B21993@tikitechnologies.com>
next in thread | raw e-mail | index | archive | help
Is Kerberos 5 the only non-dummy PAM implementation of the
pam_sm_chauthtok method (password changing/management)?
I've been looking (and grepping) through the source of the PAM
modules in 4.8 and 4.9, to check how I should interface to a chauthtok
method. Not just the ones built and installed on the system, from
/usr/src/lib/libpam, but the whole Linux PAM directory in
/usr/src/contrib/libpam.
Can it really be that pam_krb5 is the *only* PAM module supplied
which implements a working password change function? I see three dummy
versions (tacacs+ and the contrib pam_permit and pam_warn) and that
seems to be it.
/usr/bin/passwd will be a real pain to use for a Web GUI as it
requires a pty, which means extensive "coding around it" to fake one up
for it a la poppassd. I thought PAM was going to solve this for me,
because of the "password management" function designed in... only it
appears so far that no PAM method which implements local password
changing actually exists on FreeBSD. What a mess.
(Yeah, I know, I know - stop grumbling, code one, and contribute it.)
-- Clifton
--
Clifton Royston -- cliftonr@tikitechnologies.com
Tiki Technologies Lead Programmer/Software Architect
Did you ever fly a kite in bed? Did you ever walk with ten cats on your head?
Did you ever milk this kind of cow? Well we can do it. We know how.
If you never did, you should. These things are fun, and fun is good.
-- Dr. Seuss
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031210170417.B21993>