Re: PAM exec patch to allow PAM_AUTHTOK to be exported.
Zane C.B. napsal/wrote, On 05/20/07 19:24:
> My current thoughts are along the lines of passing it through stdin
> currently.
You can select the channel which can be used for information passing ?
It seems you have sources of the program you want to call from pam_exec.
The better way is to add a few function into sources and convert the
standalone binary into regular pam module.
In the fact, the program in question:
1. is not PAM aware, so it can't work with PAM data without source code
change - patch doesn't help
2. is PAM aware, so it shall to be written as regular PAM module - patch
is not required
3. want's to be PAM aware, but it's programmer is too lazy to write it
the clean way (as regular pam module) - we need the patch
The patch shall be rejected because the only purpose of it is to
support lazy programmers creating hacks instead of solutions.
I don't want to start a flame. It's my $0.02. Your's mileage may vary.
Dan
--
Dan Lukes SISAL MFF UK
AKA: dan at obluda.cz, dan at freebsd.cz, dan at (kolej.)mff.cuni.cz
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 6 之 10 篇):