--On Wednesday, October 08, 2008 04:53:29 PM -0500 Nicolas Williams <Nicolas.Williams at sun.com> wrote:

> On Wed, Oct 08, 2008 at 04:42:13PM -0500, Jason King wrote:
>> In a related vein, a while ago, I wrote a simple application that'd
>> allow one to exercise the pam stack of an arbitrary service (it did
>> authentication, authentication, open session, close session, as well
>> as the data prompting iirc). It'd be fairly trivial to write again (I
>> have long since lost the original source). I found it useful for
>> testing -- I could create a 'dummy' service w/ the config I wanted,
>> test it using the program to make sure things worked right, before
>> implementing the changes to a specific service (or other) with minimal
>> risk of bricking the box. If people feel it might be useful to have,
>> I'm open to writing it again.
>
> I've seen a number of such apps. We should probably integrate one of
> them or write one from scratch.

That's a good idea. I would also very much like to see an API that allows use of an alternate configuration file in place of /etc/pam.conf, to allow testing of code without privilege and without having to modify and potentially break the system configuration. Software development is not a task that should require special privilege or that the developer mangle his system.

In a similar vein, I'd like to see the PAM switch lose the overzealous requirement that modules be owned by UID 0. Perhaps this has already been fixed?

-- Jeff