Date:      Tue, 28 Oct 2014 13:07:41 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 194604] [libpam] [patch] pam_unix doesn't allow validation of own password
Message-ID:  <bug-194604-8-kTmnPJGnuz@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-194604-8@https.bugs.freebsd.org/bugzilla/>
References:  <bug-194604-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194604

--- Comment #8 from Conrad Meyer <conrad.meyer@isilon.com> ---
(In reply to Dag-Erling Smørgrav from comment #7)
> If you feel like writing your own version and are comfortable releasing it
> under the three-clause BSD license, I may include it in OpenPAM.

Sure. The helper source file in the attached patch is 2-clause BSD; 3-clause is
fine. (The attached patch also has one manual page derived from Linux-PAM,
which is 3-clause BSD.)

> It won't
> be available in FreeBSD until 10.2 at the earliest, more likely 11, but we
> can easily make a port to install it on systems that don't have it in base.

CURRENT is what I care about, that is fine.

> BTW, this

My initial patch, kcheckpass, or something else you're proposing?

> is vastly more flexible than the Linux-PAM solution, as the latter
> will only work for users with traditional password hashes available through
> NSS, not for users who authenticate through Kerberos, RADIUS or some other
> remote method.

If we're talking about the attached patch, it only modifies pam_unix and only
checks for passwords available through getpwnam(3). My read of that man page
was that it was only for local hashes.

And of course, if a pam_unix is disabled in a PAM configuration, it won't be
run at all which may be surprising if it is expected to check remote passwords.

I'm happy to rework this in another way! Just let me know how you would like it
to look and function, or anything I can do to help.

Thanks.
