Thomas Munro
2018-07-07 12:21:22 UTC
Hello,
On Linux, pam_exec.so has an option "expose_authtok" which causes the
authentication token to be sent to the executed program's stdin.
That's quite a useful bridge to languages other than C that want to
check the password or use it to decrypt something etc, since otherwise
you have to provide some kind of .so wrapper providing the PAM C API
to get at that. I wrote a patch to implement that and posted it here:
https://reviews.freebsd.org/D16171 . I'd be grateful for any
feedback.
Thanks,
Thomas Munro
On Linux, pam_exec.so has an option "expose_authtok" which causes the
authentication token to be sent to the executed program's stdin.
That's quite a useful bridge to languages other than C that want to
check the password or use it to decrypt something etc, since otherwise
you have to provide some kind of .so wrapper providing the PAM C API
to get at that. I wrote a patch to implement that and posted it here:
https://reviews.freebsd.org/D16171 . I'd be grateful for any
feedback.
Thanks,
Thomas Munro