> On Sun, Jan 20, 2002 at 23:44:44 +0000, Mark Murray wrote:
> > > Yes. And to allow the PAM stack to make the right decision, pam_opie passes special
> > > information to the PAM stack. Look at the patch: pam_opie does not break from the
> > > stack by itself; it is /etc/pam* that does that, using information from
> > > pam_opie.
> > 
> > Sure - but you are making specialised use of the return value that
> > assumes that pam_opie will be followed by pam_unix. This violates
> > the PAM spec.
> Yet another alternative way can be to add Unix (plaintext) password
> checking code directly to pam_opie. It makes pam_opie fully independent of
> other modules and of a specific position in the /etc/pam.d/* config files and
> allows us to not touch them. If you agree with that way, I'll come with
> the patch.

No. I completely disagree with that method. That is pam_unix's job.

DES's PAM_IGNORE suggestion has a lot of merit.

> About the other points stated in your message, my answer depends on what you
> decide for the above, because it is unneeded to discuss them if you agree to
> make pam_opie self-contained.

It must be self-contained, and it must not do stuff that is the job
of other modules. Unix password checking is not pam_opie's job.

o       Mark Murray
\_      FreeBSD Services Limited
O.\_    Warning: this .sig is umop ap!sdn
