Re: About-me-password backend



On Tue, 2006-04-11 at 14:11 -0700, Brian Cameron wrote:
> > On Mon, 2006-04-10 at 23:57 +0200, Johannes H. Jensen wrote:
> >> Dear almighty GNOME hackers, I'm in need of some pointers!
> >>
> >> I'm currently hacking on the about-me password dialog (see #321567),  
> >> which is spawning /usr/bin/passwd to authenticate and change the  
> >> password. In the new dialog, I'm dividing the process in two, so that  
> >> the user has to authenticate with his current password first (which  
> >> spawns passwd to verify). If passwd doesn't complain and prompts for  
> >> the new password, he can enter his new password, retype it and hit  
> >> "Change password". When he hits the button, some time has elapsed  
> >> since he first authenticated (and thus passwd was spawned).
> > 
> > Maybe it's just me, but you probably want to actually do a proper PAM
> > conversation here rather than calling /usr/bin/passwd.  The
> > gnome-password submission Novell made ages ago had this, and we have an
> > updated version shipping with more support.
> 
> One issue about supporting PAM is that some operating systems, like
> Solaris, do not allow non-root users to make PAM calls.  So to be
> portable, it would be best if there were a way to launch a program
> that did the PAM interaction that could run as root.  I know from
> discussion with the Solaris PAM team that they feel that allowing
> non-root users to run PAM adds security concerns that will likely
> prevent Solaris ever being able to support running PAM as a user.

So you have to run screensaver auth for instance without tying into the
same PAM stack you logged in with?

-JP
-- 
JP Rosevear <jpr novell com>
Novell, Inc.



