[PAM-NTDOM] using pam_ntdom for ftp authentication
vorlon at netexpress.net
Wed Jun 14 22:30:20 GMT 2000
On Thu, 15 Jun 2000, Peter Samuelson wrote:
> [Michael Tokarev <mjt at tls.msk.ru>]
> > Hey, but what's the purpose of pam_converse functions!? Pam modules
> > should _never_ use stdin/stdout/etc, but deal with conversion
> > functions only.
> True. The difficulty is that pam_ntdom uses library files from Samba.
> Those libraries were not specifically designed for use with PAM.
So any fix to the libraries should also change the way Samba interfaces with
Simply saying "Don't output anything" isn't a good solution in many cases.
There are some PAMified applications (graphical apps, for example) where it
/is/ desirable to receive this output, but /not/ on stdout/stderr, which is
For PAM, the best fix really is to give the library a well-defined way to
pass strings back to the application (or whatever's calling the library, a
PAM module in this case). In the long term, this is the best general
solution as well; and for the case of existing samba apps, the function
needed is a really simple one: take the string, dump it to the terminal. :)
Doing it the Right Way doesn't involve much more work in this case anyway;
you'll already need to wrap every function that calls fprintf(stderr), so it
shouldn't be that difficult to just replace the fprintf calls.
More information about the samba-technical