Re: PAM exec patch to allow PAM_AUTHTOK to be exported.



Zane C.B. wrote, on 05/20/07 19:24:
> My current thoughts are along the lines of passing it through stdin
> currently.

You can select the channel which can be used for information passing? It seems you have the sources of the program you want to call from pam_exec.

The better way is to add a few functions into the sources and convert the standalone binary into a regular PAM module.

In fact, the program in question:
1. is not PAM aware, so it can't work with PAM data without a source code change - the patch doesn't help
2. is PAM aware, so it shall be written as a regular PAM module - the patch is not required
3. wants to be PAM aware, but its programmer is too lazy to write it the clean way (as a regular PAM module) - we need the patch

The patch shall be rejected because the only purpose of it is to support lazy programmers creating hacks instead of solutions.

I don't want to start a flame. It's my $0.02. Your mileage may vary.

Dan


--
Dan Lukes SISAL MFF UK
AKA: dan at obluda.cz, dan at freebsd.cz, dan at (kolej.)mff.cuni.cz
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"


