Password changing for xdm

Ken Hornstein kenh at cmf.nrl.navy.mil
Fri Mar 21 09:58:35 EST 2003


>Well, I'm beginning to think the PAM route should be used strictly for
>password authentication and not worry about doing password expiration
>with it, due to continued segfaults, and the difficulty in debugging
>them in a dynamically loaded shared lib (plus no debugging symbols in
>Sol8's libpam, etc). I'm tired of putting reads from fifo's in the code
>to get the program to stop where I need it to :->

Heh.  You see why I choose to make xlock use the Kerberos call directly?

>I'm looking at the K5 patches to XDM by David Simas (davids at idiom.com)
>and they seem to work well:
>
>	ftp://idiom.com/users/davids/xdm.4.1.0-krb5.tar.bz2
>
>He uses krb5_prompter_posix as the prompter, which, since XDM isn't
>connected to a terminal, doesn't return any messages to the XDM screen,
>and returns KRB5_LIBOS_CANTREADPWD when the password is expired.
>
>I'm thinking about trying to set up a prompter that can talk to the
>XDM login widget, but I'm not too familiar with all the code. If 
>anyone has any pointers ("can't be done without a major rewrite", etc),
>I'd be greatful.

A guy I know claimed he did this already; I can try to dig up the code
on Monday, if you're interested.

--Ken


More information about the Kerberos mailing list