Date: Wed, 10 Dec 2003 17:04:17 -1000
From: Clifton Royston
To: hackers@freebsd.org
Message-ID: <20031210170417.B21993@tikitechnologies.com>
Subject: Disillusioned with PAM
List-Id: Technical Discussions relating to FreeBSD

Is Kerberos 5 the only non-dummy PAM implementation of the
pam_sm_chauthtok method (password changing/management)?

I've been looking (and grepping) through the source of the PAM modules
in 4.8 and 4.9, to check how I should interface to a chauthtok method.
Not just the ones built and installed on the system, from
/usr/src/lib/libpam, but the whole Linux PAM directory in
/usr/src/contrib/libpam.

Can it really be that pam_krb5 is the *only* PAM module supplied which
implements a working password change function? I see three dummy
versions (tacacs+ and the contrib pam_permit and pam_warn) and that
seems to be it.

/usr/bin/passwd will be a real pain to use for a Web GUI as it requires
a pty, which means extensive "coding around it" to fake one up for it
a la poppassd. I thought PAM was going to solve this for me, because of
the "password management" function designed in... only it appears so
far that no PAM method which implements local password changing
actually exists on FreeBSD.

What a mess. (Yeah, I know, I know - stop grumbling, code one, and
contribute it.)

  -- Clifton

--
Clifton Royston -- cliftonr@tikitechnologies.com
Tiki Technologies Lead Programmer/Software Architect

Did you ever fly a kite in bed? Did you ever walk with ten cats on your head?
Did you ever milk this kind of cow? Well we can do it. We know how.
If you never did, you should. These things are fun, and fun is good.
                                                                -- Dr. Seuss
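
The source audit described in the message above (grepping module trees for pam_sm_chauthtok and separating dummy versions from working ones) can be scripted. This is an added example, not part of the original post or of FreeBSD: the function name audit_chauthtok, the "single return statement means stub" heuristic, and the sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: classify pam_sm_chauthtok in each C file under a source tree.
# Heuristic (an assumption of this sketch): a body that holds nothing but one
# return statement is a stub; any other body counts as implemented.
audit_chauthtok() {   # hypothetical helper name
    find "$1" -type f -name '*.c' | sort | while IFS= read -r f; do
        awk -v file="$f" '
            # A definition starts on a line naming the function that is not a
            # one-line prototype or call (those end in ";").
            !infn && /pam_sm_chauthtok[ \t]*\(/ && !/;[ \t]*$/ {
                infn = 1; opened = 0; depth = 0; n = 0; r = 0
            }
            infn {
                line = $0
                o = gsub(/[{]/, "", line); c = gsub(/[}]/, "", line)
                # Multi-line prototype: ends in ";" before any brace opened.
                if (!opened && !o && $0 ~ /;[ \t]*$/) { infn = 0; next }
                was = depth; depth += o - c
                if (o) opened = 1
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                # Count non-blank, non-comment lines inside the body.
                if (was > 0 && line != "" && line !~ /^(\/\*|\*|\/\/)/) {
                    n++
                    if (line ~ /^return[ \t(]/) r++
                }
                if (opened && depth == 0) {
                    verdict = (n <= 1 && r == n) ? "stub" : "implemented"
                    print verdict "\t" file
                    exit
                }
            }' "$f"
    done
}

# Constructed sample tree (not FreeBSD source) so the script runs anywhere.
demo=$(mktemp -d)
printf '%s\n' 'PAM_EXTERN int' \
    'pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)' \
    '{' '    return (PAM_SERVICE_ERR);' '}' > "$demo/pam_stub.c"
printf '%s\n' 'PAM_EXTERN int' \
    'pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)' \
    '{' '    if (flags & PAM_PRELIM_CHECK)' '        return (PAM_SUCCESS);' \
    '    return (change_password(pamh));' '}' > "$demo/pam_real.c"
audit_chauthtok "$demo"
rm -rf "$demo"
```

Files that never define pam_sm_chauthtok produce no output line; to audit the trees named in the message, pass /usr/src/lib/libpam or /usr/src/contrib/libpam as the argument.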