[PAM-NTDOM] using pam_ntdom for ftp authentication
Michael Tokarev
mjt at tls.msk.ru
Wed Jun 14 20:09:46 GMT 2000
Soren Dayton wrote:
>
> Steve Langasek <vorlon at netexpress.net> writes:
[]
> > This is a problem with other PAM modules too, such as pam_krb5: the libraries
> > in use assume that sending data directly to stdout/stderr is OK. This could
> > be fixed by having a configuration flag to shut up the library, or having the
> > application pass a file descriptor for the library to use, or to have an
> > application callback function that the library uses when it wants to report
> > something... there are probably other solutions, too. Not a difficult problem
> > to fix, although perhaps a tedious one; this just wasn't something that had to
> > be worried about when the only programs using those libs were Samba programs.
> > :)
>
> I would vote for having a "silent_on_stdout" flag. What do people
> think? I'll probably try to do this very soon. Should I send in
> patches?
Hey, but what's the purpose of pam_converse functions!? Pam modules
should _never_ use stdin/stdout/etc, but deal with conversion functions
only. This way, application can (sometimes) display the message(s)
in the way it knows about... So, pam modules should _always_ run
in "silent_on_stdout" mode.
> Soren
Regards,
Michael.
More information about the samba-technical
mailing list