Pasword quality pluggable interface project review
Nicolas Williams
Nicolas.Williams at oracle.com
Mon Aug 30 15:59:29 EDT 2010
On Mon, Aug 30, 2010 at 12:47:12PM -0700, Russ Allbery wrote:
> Nicolas Williams <Nicolas.Williams at oracle.com> writes:
>
> > Also, consider how PAM handles password change and password quality
> > checks. PAM has a single entry point for both, with a flag to indicate
> > that this is a "preliminary check, don't change the password". PAM
> > calls all the modules to do a prelim check first, then it calls them
> > again without that flag.
>
> This is a bad API that causes difficulty and confusion in implementing PAM
> modules, as revealed by the fact that many password change PAM modules get
> this wrong. This should have been two separate calls in PAM, one to check
> the password and one to change it, and we should certainly not duplicate
> this mistake elsewhere.
I agree that the style of the API is confusing. There should have been
two entry points instead of one with a flag to distinguish the two modes
of operation.
However, the fact that PAM first checks that the change is OK, then does
it, is a good thing given that there's no way to rollback password
changes.
Nico
--
More information about the krbdev
mailing list