Hi, Would it be possible or has anybody ever tried to implement the PAM conversation function (https://manpages.opensuse.org/pam_conv.3) via varlink?
To get rid of setuid binaries (here passwd, chsh and chfn) my idea was to have a service running the PAM stack, and passwd, chsh and chfn are "dumb" command line tools communicating via varlink with the service. So that they don't need to be setuid. I did that in the past already with sockets and TLS, but I would prefer to use a modern framework to avoid doing everything by hand. My biggest concerns are currently the timeouts and how to do the "communication", can you do that in one call to a method? So Call a method, that will send a message back, wait for answer, send the next message, etc. until it's really finished? Thanks, Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect, Future Technologies SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nuernberg, Germany Managing Director: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg)
