Well, I'm beginning to think the PAM route should be used strictly for password authentication and not worry about doing password expiration with it, due to continued segfaults, and the difficulty in debugging them in a dynamically loaded shared lib (plus no debugging symbols in Sol8's libpam, etc). I'm tired of putting reads from fifo's in the code to get the program to stop where I need it to :->
I'm looking at the K5 patches to XDM by David Simas ([EMAIL PROTECTED]) and they seem to work well: ftp://idiom.com/users/davids/xdm.4.1.0-krb5.tar.bz2 He uses krb5_prompter_posix as the prompter, which, since XDM isn't connected to a terminal, doesn't return any messages to the XDM screen, and returns KRB5_LIBOS_CANTREADPWD when the password is expired. I'm thinking about trying to set up a prompter that can talk to the XDM login widget, but I'm not too familiar with all the code. If anyone has any pointers ("can't be done without a major rewrite", etc), I'd be greatful. Thanks, ---------------------------------------------------------------------- | Jim Hranicky, Senior SysAdmin UF/CISE Department | | E314D CSE Building Phone (352) 392-1499 | | [EMAIL PROTECTED] http://www.cise.ufl.edu/~jfh | ---------------------------------------------------------------------- "Given a choice between a complex, difficult-to-understand, disconcerting explanation and a simplistic, comforting one, many prefer simplistic comfort if it's remotely plausible, especially if it involves blaming someone else for their problems." -- Bob Lewis, _Infoworld_ ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos