> This should be easy to fix either in the current implementation of PAM
Ha, ha. There are reasons why I'm (slowly) rewriting the world instead of contributing to other projects. One of the main reasons is that most people write code of HORRIBLE quality and I'll take no part in that. PAM is no exception. > or by writing a replacement for the main PAM code that can use the existing > module > code Maybe, but the workings of PAM are inherently complex. I'd rather design a simpler API. >> [ to have executables instead of shared objects as atoms ] > No, this is just as broken and probably is full of security problems > to be considered. Running child processes is anything but transparent > to the calling program. Huh ? Who said anything about child processes ? I was talking about something like the checkpassword interface (see http://cr.yp.to/checkpwd/interface.html ), but enhanced to provide the functionality that OTP and other auth schemes need. No child processes, just chain loading. > or else have a local "pamd" that does all the authentication work That's another viable solution indeed. But people might not like it because it's not transparent. -- Laurent _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
