Marco Sommella schrieb: > Excuse me but pam_set_data can be used only in modules, what about > informations i need to receive from client but can't be asked in prompt > to user (so no pam conv function)? >
AFAIK pam_set_data can be used in the application, but it is not recommended to do so. If you really need to use it that way, this indicates an architectural problem in your use of PAM. There is a fixed set of PAM items, because all applications and modules should know about the items, when to set them and to what values. The point of PAM is that you can mix and match clients and applications. You appear to desire a private data channel between a single (new) PAM client and a specific PAM module. That is against the intent of the P(luggable) in PAM. If you think you need a new item, then: - Existing PAM clients won't know about it and can't set it. Because of this your module can not depend having the item set up or evaluated by clients. - Existing modules won't know what to do with the item, so your client can't depend on achieving the desired effect when setting or inspecting the item. If you truly think you have a new item that is useful for a whole class of clients and a range of modules, then you should work with the PAM team to get this accepted as extension to the PAM framework. Otherwise, if you have a module that will only work for a specific client or that needs to have specific extra behavior for a specific client (based on information only that client can provide), then you should first reconsider if making this a PAM module is really appropriate. If you then still stick with your design, pam_set_data is just one of several ways to set up a private exchange of information between the client and the module - the other methods simply bypass the PAM framework, which at least makes it obvious what is going on. - J?rg -- Joerg Barfurth Software Engineer mailto:joerg.barfurth at sun.com Desktop Technology Thin Client Software http://www.sun.com/software/sunray/ Sun Microsystems GmbH http://www.sun.com/software/javadesktopsystem/
