[prev in list] [next in list] [prev in thread] [next in thread]
List: info-cyrus
Subject: Re: Cyrus IMAP Presentation
From: Eric Estabrooks <eric () urbanrage ! com>
Date: 2002-09-22 16:54:27
[Download RAW message or body]
Ken Murchison wrote:
>Quoting Eric Estabrooks <eric@urbanrage.com>:
>
>
>
>>
>>
>>>
>>>
>>It should be possible to write a pam module (or extend an existing one)
>>to include other mechanisms beside plain, if like you said you had plain
>>
>>
>
>My understanding of PAM is that you can't retrieve the password. You simply
>pass it a user, password and service and PAM tells you whether it is
>correct/allowed or not. I haven't checked the PAM API, so maybe there is a
>way.
>
There isn't as far as I know, you can do it by perverting the messaging
interface, but that would be bad.
>
>
>>text passwords available on the server side. Of course there might be
>>an additional restriction imposed by the sasl interface in that it might
>>only present plain to the pam interface or the likes of saslauthd and
>>try to resolve others internally or drop them if configured for using pam.
>>
>>
>
>Assuming that youy can get PAM to return the plaintext password, you'd have to
>write a PAM auxprop plugin. SASL only uses auxprop to fetch the plaintext
>passwords (as opposed to checking the validity, which it does via saslauthd).
>
>
Ah, I was looking at it from the other side thinking saslauthd would
pass in the base64 encoded challenge response from cram and the pam
module would still do a success/fail response by replicating the hmac
functionality internally.
Eric
>
>
["smime.p7s" (application/x-pkcs7-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic