Well, I'm beginning to think the PAM route should be used strictly for
password authentication and not worry about doing password expiration
with it, due to continued segfaults, and the difficulty in debugging
them in a dynamically loaded shared lib (plus no debugging symbols in
Sol8's libpam, etc). I'm tired of putting reads from fifo's in the code
to get the program to stop where I need it to :->

I'm looking at the K5 patches to XDM by David Simas ([EMAIL PROTECTED])
and they seem to work well:

        ftp://idiom.com/users/davids/xdm.4.1.0-krb5.tar.bz2

He uses krb5_prompter_posix as the prompter, which, since XDM isn't
connected to a terminal, doesn't return any messages to the XDM screen,
and returns KRB5_LIBOS_CANTREADPWD when the password is expired.

I'm thinking about trying to set up a prompter that can talk to the
XDM login widget, but I'm not too familiar with all the code. If 
anyone has any pointers ("can't be done without a major rewrite", etc),
I'd be greatful.

Thanks,

----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| [EMAIL PROTECTED]                      http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------

"Given a choice between a complex, difficult-to-understand, disconcerting
 explanation and a simplistic, comforting one, many prefer simplistic
 comfort if it's remotely plausible, especially if it involves blaming
 someone else for their problems."
                                                -- Bob Lewis, _Infoworld_
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to