We have been happily running an old copy of poppassd on our Solaris systems for several years.
But as we increasingly use the PAM framework (Pluggable Authentication Modules) on Solaris (also available on Linux and other systems), I keep having to make various adjustments to "poppassd.c". Usually these are minor adjustments to the P1 (etc.) list of expected responses from the "passwd" program. And I've just come across another today... Has anyone given any thought to allowing poppassd to call PAM directly? (That is, in contrast to the current fork-exec-/bin/passwd model.) It would seem to be a worthwhile option for the sys.admin. to have available. Indeed, on a quick google around the net this afternoon, I found a copy which (at skim-read at least) seems to do just this. For our own immediate need, I suspect I'll simply do a quick and dirty P1 hack in the next few days. But, as a lower priority background item, I would be interested in exploring the PAM route. Naturally, there would need to be autoconf stuff to detect PAM. And it may be prudent to have a run-time switch, so that a sys.admin. on a PAM-enabled system can decide whether or not to use the PAM route. Does this PAM option seem a reasonable idea? Or might there be fundamental reasons not to proceed? -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. :
