Hi Rich !

> The very fact that we're having a discussion about the redesign of
> this OTP system on the busybox list seems like proof enough that it's
> a very specialized need that does not belong on busybox.

Ok, this is an argument that hits.

... but what about a (not pam related) hook feature to add extra authentication via a script (owned by root and only read/executable by root). That way this script may implement any special requirements to authenticate the provided secret.

The hook shall only trigger when enabled via /etc/passwd or /etc/shadow (let's say by a special passwd entry - may be the name of the hook script with full path = leading slash). That way only accounts configured for special authentication trigger this feature. All other accounts (the default) are more protected (thinking of system and daemon users).

In addition, providing the hook script name as passwd entry, it is possible to have different authentication methods on a single system, depending on name of user account.

... this would be a low intrusive enhancement of Busybox to allow alternate authentications without need of enabling full pam api.

Just as an idea (the way I would like to go).

--
Harald
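
A sketch of the checks a login program could apply before running such a hook, as an added example that is not part of the original message and not BusyBox code. The function names are hypothetical; the leading-slash convention and the root-only ownership and mode requirements are taken from the proposal above.

```c
/* Added illustration, not BusyBox code; all function names are hypothetical. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for O_NOFOLLOW on glibc */
#endif
#include <fcntl.h>
#include <stddef.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed convention from the message: a password field that starts with
 * '/' names a hook script; anything else is handled as a normal entry. */
int hook_field_is_path(const char *pw_field)
{
    return pw_field != NULL && pw_field[0] == '/' && pw_field[1] != '\0';
}

/* "Owned by root and only read/executable by root": regular file, uid 0,
 * owner r+x, and no permission bits at all for group or other. */
int hook_stat_ok(const struct stat *st)
{
    if (!S_ISREG(st->st_mode) || st->st_uid != 0)
        return 0;
    if (st->st_mode & (S_IRWXG | S_IRWXO))
        return 0;
    return (st->st_mode & (S_IRUSR | S_IXUSR)) == (S_IRUSR | S_IXUSR);
}

/* Returns an open descriptor for a hook that passed the checks, or -1.
 * The checks use fstat() on the descriptor, so the file inspected is the
 * file that was opened; O_NOFOLLOW rejects a symlink as the last component. */
int hook_open_checked(const char *pw_field)
{
    struct stat st;
    int fd;

    if (!hook_field_is_path(pw_field))
        return -1;
    fd = open(pw_field, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !hook_stat_ok(&st)) {
        close(fd);
        return -1;
    }
    return fd;
}
```

A failed check should be treated as an authentication failure for that account, not as a reason to fall back to another method.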
