From owner-freebsd-hackers@FreeBSD.ORG Thu Dec 11 04:07:05 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C8DAF16A4D1 for ; Thu, 11 Dec 2003 04:07:05 -0800 (PST) Received: from apache04.the-ecorp.com (apache04.the-ecorp.com [212.190.132.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3DEFC43D2D for ; Thu, 11 Dec 2003 04:06:58 -0800 (PST) (envelope-from staf.wagemakers@belgacom.net) Received: from staflaptop (unknown [10.67.50.201]) by apache04.the-ecorp.com (Postfix) with ESMTP id 604E2510; Thu, 11 Dec 2003 10:53:39 +0100 (CET) Received: by staflaptop (Postfix, from userid 1005) id C8521833B; Thu, 11 Dec 2003 11:05:20 +0100 (CET) Date: Thu, 11 Dec 2003 11:05:20 +0100 From: staf wagemakers To: hackers@freebsd.org Message-ID: <20031211100520.GA3181@staflaptop.antw.the-ecorp.com> Mail-Followup-To: hackers@freebsd.org References: <20031210170417.B21993@tikitechnologies.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20031210170417.B21993@tikitechnologies.com> User-Agent: Mutt/1.5.4i Subject: Re: Disillusioned with PAM X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Dec 2003 12:07:05 -0000 On Wed, Dec 10, 2003 at 05:04:17PM -1000, Clifton Royston wrote: > > I've been looking (and grepping) through the source of the PAM > modules in 4.8 and 4.9, to check how I should interface to a chauthtok > method. Not just the ones built and installed on the system, from > /usr/src/lib/libpam, but the whole Linux PAM directory in > /usr/src/contrib/libpam. > > Can it really be that pam_krb5 is the *only* PAM module supplied > which implements a working password change function? I see three dummy > versions (tacacs+ and the contrib pam_permit and pam_warn) and that > seems to be it. > Some time ago I've created CGIpaf, a web interface for changing a user's password, Autoreply and mail forwarding. The pam password changer didn't work on FreeBSD, I didn't dig in the FreeBSD source. But I guess you did that for me ;-) > /usr/bin/passwd will be a real pain to use for a Web GUI as it > requires a pty, which means extensive "coding around it" to fake one up > for it a la poppassd. I thought PAM was going to solve this for me, > because of the "password management" function designed in... only it > appears so far that no PAM method which implements local password > changing actually exists on FreeBSD. What a mess. > CGIpaf supports FreeBSD without pam basically it runs "pwd_mkdb" to update the password. If you need c functions to update a password the source might be useful to you. http://staf.patat.org/cgipaf/ -- Staf Wagemakers email: staf@patat.org homepage: http://staf.patat.org