Disillusioned with PAM
staf wagemakers
staf.wagemakers at belgacom.net
Thu Dec 11 04:07:05 PST 2003
On Wed, Dec 10, 2003 at 05:04:17PM -1000, Clifton Royston wrote:
>
> I've been looking (and grepping) through the source of the PAM
> modules in 4.8 and 4.9, to check how I should interface to a chauthtok
> method. Not just the ones built and installed on the system, from
> /usr/src/lib/libpam, but the whole Linux PAM directory in
> /usr/src/contrib/libpam.
>
> Can it really be that pam_krb5 is the *only* PAM module supplied
> which implements a working password change function? I see three dummy
> versions (tacacs+ and the contrib pam_permit and pam_warn) and that
> seems to be it.
>
Some time ago I've created CGIpaf, a web interface for changing a user's
password, Autoreply and mail forwarding.
The pam password changer didn't work on FreeBSD, I didn't dig in the FreeBSD
source. But I guess you did that for me ;-)
> /usr/bin/passwd will be a real pain to use for a Web GUI as it
> requires a pty, which means extensive "coding around it" to fake one up
> for it a la poppassd. I thought PAM was going to solve this for me,
> because of the "password management" function designed in... only it
> appears so far that no PAM method which implements local password
> changing actually exists on FreeBSD. What a mess.
>
CGIpaf supports FreeBSD without pam basically it runs "pwd_mkdb" to
update the password. If you need c functions to update a password the
source might be useful to you. http://staf.patat.org/cgipaf/
--
Staf Wagemakers
email: staf at patat.org
homepage: http://staf.patat.org
More information about the freebsd-hackers
mailing list