Well, I'm beginning to think the PAM route should be used strictly for
password authentication and not worry about doing password expiration
with it, due to continued segfaults, and the difficulty in debugging
them in a dynamically loaded shared lib (plus no debugging symbols in
Sol8's libpam, etc). I'm tired of putting reads from fifo's in the code
to get the program to stop where I need it to :->
I'm looking at the K5 patches to XDM by David Simas ([EMAIL PROTECTED])
and they seem to work well:
ftp://idiom.com/users/davids/xdm.4.1.0-krb5.tar.bz2
He uses krb5_prompter_posix as the prompter, which, since XDM isn't
connected to a terminal, doesn't return any messages to the XDM screen,
and returns KRB5_LIBOS_CANTREADPWD when the password is expired.
I'm thinking about trying to set up a prompter that can talk to the
XDM login widget, but I'm not too familiar with all the code. If
anyone has any pointers ("can't be done without a major rewrite", etc),
I'd be greatful.
Thanks,
----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin UF/CISE Department |
| E314D CSE Building Phone (352) 392-1499 |
| [EMAIL PROTECTED] http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
"Given a choice between a complex, difficult-to-understand, disconcerting
explanation and a simplistic, comforting one, many prefer simplistic
comfort if it's remotely plausible, especially if it involves blaming
someone else for their problems."
-- Bob Lewis, _Infoworld_
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
