[Bug 112794] [patch] [request] pam_exec(8): allow pam_exec to export PAM_AUTHTOK as a environmental variable

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jul 14 12:44:54 UTC 2014


Dag-Erling Smørgrav <des at FreeBSD.org> changed:

           What    |Removed                     |Added
             Status|In Discussion               |Issue Resolved
                 CC|                            |des at FreeBSD.org
         Resolution|---                         |Feature Proposal Rejected
           Assignee|freebsd-bugs at FreeBSD.org    |des at FreeBSD.org

--- Comment #1 from Dag-Erling Smørgrav <des at FreeBSD.org> ---
Passing authentication tokens through environment variables or command line
arguments is considered poor security practice.  It would be a better idea to
add an option that tells pam_exec(8) to pipe PAM_AUTHTOK and / or
PAM_OLDAUTHTOK to the program's standard input.

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list