I agree with Alan; we should be concerned with "Smartcard PIN/Kerberos password"
to support the different PAM authentication methods that exist in Solaris.
su/embedded_su give out different prompts, such as "Password/Smartcard
PIN/Kerberos password", depending on which PAM methods are used for
authentication. So if you want to test different prompts, you have to
configure a specific PAM method for su/embedded_su in /etc/pam.conf.

So my suggestion is that we use "PAM_PROMPT_ECHO_OFF" and
"PAM_PROMPT_ECHO_ON" to decide whether the user needs to enter whatever
the system needs, which can be a password or a PIN, and just copy the prompt
(such as Password/Smartcard PIN/Kerberos password) following them to the GUI
instead of comparing the string "password".

Jim

Takao Fujiwara - Tokyo S/W Center wrote:

> I'm not sure we need to mind the smartcard PIN/Kerberos passwords to
> switch users.
> Hmm... I don't know how to change the string from "Password:" to
> "Smartcard PIN" with the su command; however, if we could do it, I think
> the C locale would also hang.
> gksu is the wrapper to ask for passwords with a GUI to use admin tools or
> for roles.
> gksu has different logic for 'su' and 'sudo', and this patch
> is applied to 'su' only, so I assume this case is 'su' only.
>
> Alan Coopersmith wrote:
>
>> So if su outputs a prompt for "Smartcard PIN" instead of password,
>> would it also hang? What if it asks for "Kerberos password" as well
>> as normal password?
>>
>> The point is you can't assume su prompts, no matter what the locale is.
>>
>> -Alan Coopersmith- alan.coopersmith at sun.com
>> Sun Microsystems, Inc. - X Window System Engineering
>>
>> Takao Fujiwara - Tokyo S/W Center wrote:
>>
>>> I mean fgets(3C) will never come back because the "su" command has no
>>> output after the localized string "Password:" is just ignored.
>>>
>>> while ( 1 )
>>> {
>>> bzero(buffer, 255);
>>> r = fgets (buffer, 255, infile);
>>> ...
>>>
>>> parse_embedded_su_output (context, buffer);
>>>
>>> switch (context->msg_type) {
>>>
>>> case ES_PASSWORD:
>>>
>>>
>>> Alan Coopersmith wrote:
>>>
>>>> Takao Fujiwara - Tokyo S/W Center wrote:
>>>>
>>>>> I'm updating libgksu1.2-04-rbac-support.diff.
>>>>> gksu tries to parse the string "Password:", but "Password:" is
>>>>> localized depending on the locale, and then gksu hangs by itself.
>>>>> The patch means the "su" command is always run in the C locale.
>>>>
>>>> And what happens when su prompts for something other than "Password:"?


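The approach suggested at the top of this thread, as an added example (not code from libgksu or from anyone in this thread): the reader decides whether input is needed from the PAM message style alone and hands the prompt text to the GUI verbatim, so localized or non-password prompts cannot stall the loop. The names `next_prompt`, `prompt_request` and `input_kind`, the "style line followed by one text line" framing, and the sample output are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not libgksu's own types. */
enum input_kind { INPUT_NONE, INPUT_HIDDEN, INPUT_VISIBLE };
struct prompt_request {
    enum input_kind kind;  /* decided by the PAM message style only */
    char prompt[256];      /* helper's prompt text, passed on verbatim */
};
/* Constructed sample; the "style line, then text line" framing is assumed. */
static const char SAMPLE[] =
    "PAM_TEXT_INFO\nLast login: never\n"
    "PAM_PROMPT_ECHO_ON\nUsername: \n"
    "PAM_PROMPT_ECHO_OFF\nSmartcard PIN: \n"
    "PAM_PROMPT_ECHO_OFF\nMot de passe : \n";

static enum input_kind kind_from_style(const char *style)
{
    if (strcmp(style, "PAM_PROMPT_ECHO_OFF") == 0) return INPUT_HIDDEN;
    if (strcmp(style, "PAM_PROMPT_ECHO_ON") == 0) return INPUT_VISIBLE;
    return INPUT_NONE;  /* PAM_TEXT_INFO, PAM_ERROR_MSG, plain text, ... */
}
/* Skip to the next request for input; 1 = *out filled, 0 = end of stream. */
int next_prompt(FILE *in, struct prompt_request *out)
{
    char line[256];
    while (fgets(line, sizeof line, in) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';
        enum input_kind kind = kind_from_style(line);
        if (kind == INPUT_NONE)
            continue;      /* nothing to answer, keep reading */
        if (fgets(line, sizeof line, in) == NULL)
            return 0;      /* style token with no prompt text after it */
        line[strcspn(line, "\r\n")] = '\0';
        out->kind = kind;
        snprintf(out->prompt, sizeof out->prompt, "%s", line);
        return 1;
    }
    return 0;
}
int main(void)
{
    struct prompt_request req;
    FILE *in = tmpfile();  /* stands in for the pipe from the helper */
    if (in == NULL) return 1;
    fputs(SAMPLE, in); rewind(in);
    while (next_prompt(in, &req))
        printf("%d \"%s\"\n", req.kind, req.prompt);
    return fclose(in);
}
```

No prompt string is ever compared here, so the French "Mot de passe :" and the "Smartcard PIN:" prompt are both handled the same way as "Password:" would be.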