Password changing for xdm

James F.Hranicky jfh at cise.ufl.edu
Fri Mar 21 09:02:37 EST 2003


Well, I'm beginning to think the PAM route should be used strictly for
password authentication and not worry about doing password expiration
with it, due to continued segfaults, and the difficulty in debugging
them in a dynamically loaded shared lib (plus no debugging symbols in
Sol8's libpam, etc). I'm tired of putting reads from fifo's in the code
to get the program to stop where I need it to :->

I'm looking at the K5 patches to XDM by David Simas (davids at idiom.com)
and they seem to work well:

	ftp://idiom.com/users/davids/xdm.4.1.0-krb5.tar.bz2

He uses krb5_prompter_posix as the prompter, which, since XDM isn't
connected to a terminal, doesn't return any messages to the XDM screen,
and returns KRB5_LIBOS_CANTREADPWD when the password is expired.

I'm thinking about trying to set up a prompter that can talk to the
XDM login widget, but I'm not too familiar with all the code. If 
anyone has any pointers ("can't be done without a major rewrite", etc),
I'd be greatful.

Thanks,

----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh at cise.ufl.edu                      http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------

"Given a choice between a complex, difficult-to-understand, disconcerting
 explanation and a simplistic, comforting one, many prefer simplistic
 comfort if it's remotely plausible, especially if it involves blaming
 someone else for their problems."
                                                -- Bob Lewis, _Infoworld_


More information about the Kerberos mailing list