
[OATH-Toolkit-help] [patch] Allow ignoring password in pam_unix usersfil


From: Ilkka Virta
Subject: [OATH-Toolkit-help] [patch] Allow ignoring password in pam_unix usersfile
Date: Tue, 27 Nov 2012 16:14:27 +0200
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Thunderbird/17.0

Hi,

pam_oath currently has the capability to read a static password in addition to the OTP. The static part of the password is also saved to PAM_AUTHTOK, and it could be used by another module in the PAM stack, for example pam_unix.so try_first_pass.

However, pam_oath also always checks the password against the one in the usersfile, so getting pam_oath and pam_unix to authenticate using a simple prompt is impossible.

I can't tell from the documentation what the semantics regarding this are supposed to be, so I suggest changing the usersfile handling such that if the saved password is '*' (a lone asterisk), the password check is disabled, allowing the use of pam_unix to check the static part of the password. The attached patch implements this.



Attachment: liboath-ign-pw.diff
Description: Text document
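
The semantics proposed in the message above, sketched as an added example; this is not the attached patch and not liboath code. The helper names, the trailing-digits split of the single prompt, and all sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of the static-password step for one usersfile entry. */
enum pw_result { PW_OK, PW_BAD, PW_DEFERRED };

/* Hypothetical helper, not liboath's API. Compares the static part of the
   response with the password field stored in the usersfile. A lone "*" is
   the sentinel proposed in the message: nothing is compared here, so a
   later module in the stack has to verify the password. */
enum pw_result check_static_password(const char *stored, const char *entered)
{
    if (strcmp(stored, "*") == 0)
        return PW_DEFERRED;
    return strcmp(stored, entered) == 0 ? PW_OK : PW_BAD;
}

/* Assumption: one prompt takes <static password><OTP>, and the OTP is the
   last `digits` characters. Copies the static part into pw and returns a
   pointer to the OTP, or NULL if the response is too short or pw too small. */
const char *split_response(const char *response, size_t digits,
                           char *pw, size_t pwlen)
{
    size_t len = strlen(response);
    if (len < digits || len - digits >= pwlen)
        return NULL;
    memcpy(pw, response, len - digits);
    pw[len - digits] = '\0';
    return response + (len - digits);
}

int main(void)
{
    /* Constructed sample values: password fields and a typed response. */
    const char *fields[] = { "hunter2", "wrong", "*" };
    const char *names[] = { "ok", "bad", "deferred to next module" };
    char pw[64];
    const char *otp = split_response("hunter2123456", 6, pw, sizeof pw);
    if (otp == NULL)
        return 1;
    for (size_t i = 0; i < 3; i++)
        printf("field %-8s static=%s otp=%s -> %s\n", fields[i], pw, otp,
               names[check_static_password(fields[i], pw)]);
    return 0;
}
```

A `PW_DEFERRED` result means the static part has not been verified by anything yet, so a stack that relies on it needs the module reading PAM_AUTHTOK (pam_unix in the message) to be mandatory rather than optional.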

