[Bug 112794] [patch] [request] pam_exec(8): allow pam_exec to export PAM_AUTHTOK as a environmental variable
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jul 14 12:44:54 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=112794
Dag-Erling Smørgrav <des at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|In Discussion |Issue Resolved
CC| |des at FreeBSD.org
Resolution|--- |Feature Proposal Rejected
Assignee|freebsd-bugs at FreeBSD.org |des at FreeBSD.org
--- Comment #1 from Dag-Erling Smørgrav <des at FreeBSD.org> ---
Passing authentication tokens through environment variables or command line
arguments is considered poor security practice. It would be a better idea to
add an option that tells pam_exec(8) to pipe PAM_AUTHTOK and / or
PAM_OLDAUTHTOK to the program's standard input.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list