[PAM-NTDOM] using pam_ntdom for ftp authentication

Steve Langasek vorlon at netexpress.net
Wed Jun 14 22:30:20 GMT 2000

On Thu, 15 Jun 2000, Peter Samuelson wrote:

> [Michael Tokarev <mjt at tls.msk.ru>]
> > Hey, but what's the purpose of pam_converse functions!?  Pam modules
> > should _never_ use stdin/stdout/etc, but deal with conversion
> > functions only.

> True.  The difficulty is that pam_ntdom uses library files from Samba.
> Those libraries were not specifically designed for use with PAM.

So any fix to the libraries should also change the way Samba interfaces with
the libraries.

Simply saying "Don't output anything" isn't a good solution in many cases.
There are some PAMified applications (graphical apps, for example) where it
/is/ desirable to receive this output, but /not/ on stdout/stderr, which is

For PAM, the best fix really is to give the library a well-defined way to
pass strings back to the application (or whatever's calling the library, a
PAM module in this case).  In the long term, this is the best general
solution as well; and for the case of existing samba apps, the function
needed is a really simple one: take the string, dump it to the terminal. :)

Doing it the Right Way doesn't involve much more work in this case anyway;
you'll already need to wrap every function that calls fprintf(stderr), so it
shouldn't be that difficult to just replace the fprintf calls.

Steve Langasek
postmodern programmer

More information about the samba-technical mailing list