Password changing for xdm
James F.Hranicky
jfh at cise.ufl.edu
Fri Mar 21 09:02:37 EST 2003
Well, I'm beginning to think the PAM route should be used strictly for
password authentication and not worry about doing password expiration
with it, due to continued segfaults, and the difficulty in debugging
them in a dynamically loaded shared lib (plus no debugging symbols in
Sol8's libpam, etc). I'm tired of putting reads from fifo's in the code
to get the program to stop where I need it to :->
I'm looking at the K5 patches to XDM by David Simas (davids at idiom.com)
and they seem to work well:
ftp://idiom.com/users/davids/xdm.4.1.0-krb5.tar.bz2
He uses krb5_prompter_posix as the prompter, which, since XDM isn't
connected to a terminal, doesn't return any messages to the XDM screen,
and returns KRB5_LIBOS_CANTREADPWD when the password is expired.
I'm thinking about trying to set up a prompter that can talk to the
XDM login widget, but I'm not too familiar with all the code. If
anyone has any pointers ("can't be done without a major rewrite", etc),
I'd be greatful.
Thanks,
----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin UF/CISE Department |
| E314D CSE Building Phone (352) 392-1499 |
| jfh at cise.ufl.edu http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------
"Given a choice between a complex, difficult-to-understand, disconcerting
explanation and a simplistic, comforting one, many prefer simplistic
comfort if it's remotely plausible, especially if it involves blaming
someone else for their problems."
-- Bob Lewis, _Infoworld_
More information about the Kerberos
mailing list