[Bug 1681] conversation function for passwd auth method assumes instead of fail

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 4 03:43:05 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1681

--- Comment #5 from Zdeněk Kotala <zdenek.kotala at sun.com> 2009-12-04 03:43:04 EST ---
(In reply to comment #4)
> Maybe the standard says that however I am just saying what current and
> all previous Linux-PAM versions did - they do not allow neither to get
> nor set the PAM_AUTHTOK item from application.

Also Linux-Pan documentation says
(http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/mwg-expected-by-module-item.html#mwg-pam_set_item):

---
PAM_AUTHTOK

    The authentication token (often a password). This token should be
ignored by all module functions besides pam_sm_authenticate(3) and
pam_sm_chauthtok(3). In the former function it is used to pass the most
recent authentication token from one stacked module to another. In the
latter function the token is used for another purpose. It contains the
currently active authentication token. 
---

It is also mentioned in documentation from 2002/05/09. It should work
on linux as well. If not PAM modules stack could works together.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list