[Bug 112794] [patch] [request] pam_exec(8): allow pam_exec to export PAM_AUTHTOK as a environmental variable

bugzilla-noreply Mon, 14 Jul 2014 05:46:26 -0700

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=112794


Dag-Erling Smørgrav <d...@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|In Discussion               |Issue Resolved
                 CC|                            |d...@freebsd.org
         Resolution|---                         |Feature Proposal Rejected
           Assignee|freebsd-bugs@FreeBSD.org    |d...@freebsd.org

--- Comment #1 from Dag-Erling Smørgrav <d...@freebsd.org> ---
Passing authentication tokens through environment variables or command line
arguments is considered poor security practice.  It would be a better idea to
add an option that tells pam_exec(8) to pipe PAM_AUTHTOK and / or
PAM_OLDAUTHTOK to the program's standard input.

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"

[Bug 112794] [patch] [request] pam_exec(8): allow pam_exec to export PAM_AUTHTOK as a environmental variable

Reply via email to