freebsd-hackers Digest, Vol 156, Issue 2

Dag-Erling Smørgrav des at
Tue Mar 14 14:17:54 UTC 2006

"Mr CW" <mrcomputerwiz at> writes:
> My appologies and thank you for pointing out my error.  I have been
> walking the source tree trying to find out how different programs
> work and, I'll admit, passwd is one of the first few programs.  I
> had believed that pam_get_authtok.c was tied into passwd through the
> many different includes in the program tree.  Specifically, I want
> to learn how passwd works from the point where it prompts for the
> password, where it actually receives the input, how it passes the
> password off for encryption, and when it finally obtains the
> encrypted value.

It uses PAM.  Start by reading the following:


> The lower portion of ...get_authtok.c appeared to me where this
> happens, when the response is stored in &resp, retyped into &resp2
> to ensure the two are the same, then sent to pam_set_item() for
> encryption (?).

No, pam_set_item() merely stores the password in the PAM context.

> The way I am reading it, &resp points to the unencrypted password
> string, but I could be wrong.

That is correct.

Dag-Erling Smørgrav - des at

More information about the freebsd-hackers mailing list