Date: Mon, 3 Jul 2006 04:38:07 +0400 From: Solar Designer <solar@...nwall.com> To: owl-users@...ts.openwall.com Subject: Re: tcb and friends with shadow-utils 4.0.12 On Sun, Jul 02, 2006 at 10:11:37AM -0600, Vincent Danen wrote: > I suppose the passwd > program would make sure the two entered passwords are identical and then > hand that password off to pam_tcb). That's not how things work. The PAM conversation function provided by the passwd program receives multiple echo-off input prompts from the PAM stack. It does not know which of those prompts are for the new password, nor does it care. In fact, for a text terminal interface, the passwd program may provide the standard PAM conversation function from libpam_misc rather than bother with its own implementation. With the configuration you had posted, the two new password prompts originate from pam_passwdqc. If you remove pam_passwdqc from the stack and also remove the use_authtok option from pam_tcb, then the prompts will originate from pam_tcb. As it relates to the segfault you're seeing, I think it'd be most straightforward to debug it rather than proceed to theorize as to its possible cause. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.