Re: [gdm-list] Separate username and password fields

[Jörg Barfurth <joerg barfurth oracle com>]

Ludwig Nussel schrieb:

> Actually PAM does support multiple prompts at once. You just need a
> module that actually asks for username and password in one
> conversation (such as pam_unix2). Years ago I even made proof of
> concept patch for GDM:

One of the issues with that is, that the multiple prompt part of the 
conversation function interface is/was specified ambiguously. The 
(original) Sun interpretation differs from the one seen with some other 
implementations (including the Linux-PAM one).

Even setting up the parameters to pass multiple output-only messages to 
the conversation function is tricky to do in a way that is compatible 
with both interpretations. But at least it is possible.

There are additional incompatibilities to deal with when using multiple 
prompts and correspondingly multiple response values in order to 
correctly use the responses and eventually free the memory. This also 
affects the modules, which must correctly allocate the responses.

IIRC mixing output messages and input prompts in a single conversation 
call is worst, as far as portability is concerned.

So getting this to work cross-platform is hard and probably requires 
platform ifdefs.

This may be one of the reasons that this facility never gained much 
traction or support.

- Jörg

--
Jörg Barfurth                        http://blogs.sun.com/joergb

Disclaimer: I am employed by Oracle. The statements and opinions
expressed here are my own and do not necessarily represent those
of Oracle Corporation.