Re: LDAP+Kerberos

[Nicolas Williams <Nicolas.Williams@ubsw.com>]

A standard pam_get_authtok() helper function, along the lines of
pam_get_user(), but which would accept the same argv as the module,
would be useful here. Some modules have a private version of such a
function.

Nico


On Wed, Dec 06, 2000 at 10:21:24AM -0600, Brandon S. Allbery KF8NH wrote:
> On Wednesday, December 06, 2000 18:05 +1100, Brian May 
> <bam@snoopy.apana.org.au> wrote:
> +-----
> | Wow! I often thought this was... errr... questionable prompting for
> | the password multiple times. However, I never realized that this
> | behaviour could be changed.
> +--->8
> 
> *If* the module is written correctly.  Transarc's AFS PAM module isn't; it 
> ignores {use,try}_first_pass, so it always prompts and the following module 
> will also prompt if the AFS module fails.  (But then, what do you expect 
> when Transarc's install instrictions say "all modules must be flagged 
> 'optional'"?  Which is false, BTW.)
> 
> -- 
> brandon s. allbery     [os/2][linux][solaris][japh]    allbery@kf8nh.apk.net
> system administrator        [WAY too many hats]          allbery@ece.cmu.edu
> electrical and computer engineering                                    KF8NH
> carnegie mellon university      ["better check the oblivious first" -ke6sls]
--