From owner-freebsd-security@FreeBSD.ORG Wed Jan 5 10:45:10 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 42F501065670; Wed, 5 Jan 2011 10:45:10 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id F23678FC15; Wed, 5 Jan 2011 10:45:09 +0000 (UTC) Received: from ds4.des.no (des.no [84.49.246.2]) by smtp.des.no (Postfix) with ESMTP id BA7361FFC33; Wed, 5 Jan 2011 10:45:08 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id 5862A84531; Wed, 5 Jan 2011 11:45:08 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: "Christopher J. Ruwe" References: <20101229232030.25b2bd5a@dijkstra> Date: Wed, 05 Jan 2011 11:45:08 +0100 In-Reply-To: <20101229232030.25b2bd5a@dijkstra> (Christopher J. Ruwe's message of "Wed, 29 Dec 2010 23:20:30 +0100") Message-ID: <864o9nhbnv.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-hackers@freebsd.org, freebsd-doc@freebsd.org, freebsd-questions@freebsd.org, freebsd-security@freebsd.org Subject: Re: setting a random password with PAM API X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Jan 2011 10:45:10 -0000 "Christopher J. Ruwe" writes: > I am trying to implement the feature to set a random password like in > BSD "pw usermod -W" in the Solaris passwd. Regrettably, I have not > found or perhaps not understood the PAM API documentation on how to > _inject a given string_ into the change-auth-token function > pam_chauthtok(...), which always jumps in an interactive pw-changing > loop. There is no reliable way to do that. You don't even know that there is such a thing as a password. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Wed Jan 5 18:34:13 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5C58D1065672 for ; Wed, 5 Jan 2011 18:34:13 +0000 (UTC) (envelope-from cjr@cruwe.de) Received: from cruwe.de (t1850.greatnet.de [83.133.124.96]) by mx1.freebsd.org (Postfix) with ESMTP id BABFD8FC13 for ; Wed, 5 Jan 2011 18:34:12 +0000 (UTC) Received: (qmail 1416 invoked from network); 5 Jan 2011 18:34:09 -0000 Received: from p57bde25e.dip.t-dialin.net (HELO dijkstra) (smtpallow@87.189.226.94) by t1850.greatnet.de with ESMTPA; 5 Jan 2011 18:34:09 -0000 Date: Wed, 5 Jan 2011 19:34:12 +0100 From: "Christopher J. Ruwe" To: freebsd-questions@freebsd.org Message-ID: <20110105193412.674f30e5@dijkstra> In-Reply-To: <864o9nhbnv.fsf@ds4.des.no> References: <20101229232030.25b2bd5a@dijkstra> <864o9nhbnv.fsf@ds4.des.no> X-Mailer: Claws Mail 3.7.6 (GTK+ 2.22.1; amd64-portbld-freebsd8.1) Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/HB4lThJw/5aeGT45UWqpVZP"; protocol="application/pgp-signature" Cc: freebsd-security@freebsd.org, des@des.no Subject: Re: setting a random password with PAM API X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Jan 2011 18:34:13 -0000 --Sig_/HB4lThJw/5aeGT45UWqpVZP Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Wed, 05 Jan 2011 11:45:08 +0100 Dag-Erling Sm=C3=B8rgrav wrote: > "Christopher J. Ruwe" writes: > > I am trying to implement the feature to set a random password like > > in BSD "pw usermod -W" in the Solaris passwd. Regrettably, I have > > not found or perhaps not understood the PAM API documentation on > > how to _inject a given string_ into the change-auth-token function > > pam_chauthtok(...), which always jumps in an interactive pw-changing > > loop. >=20 > There is no reliable way to do that. You don't even know that there > is such a thing as a password. >=20 > DES Thank you very much for your answer, although I suspected so, I still hoped for another content.=20 Kind regards, --=20 Christopher J. Ruwe TZ GMT + 1 --Sig_/HB4lThJw/5aeGT45UWqpVZP Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iQIcBAEBAgAGBQJNJLmpAAoJEJTIKW/o3iwUa78QANTh+//rPoJAwl+WUKntZqgC /CsDsM++NjR0N0Ww1XRJX6x4Tub9ku9D0ZfAOW7ogqqpicYm7CStky6O34hsyRGm ERf93lsodN+/71/QNCZB5nsqxrTxEMlSArfoSap3IQhODFNmju4qvHCMfNFecjPl A2p+okDvpbvucQ7ymD0VuoYStXAFVpS/ozkZfxD3dJe4AKEnjc8htXFMnwtK6jMh ZZUiKcNGZhAp7RnUO9uvuYBLciAzAXEJTIe/+fEARScuPDZFxC92qxuMvTZ9YErH uIxY4FMRF0e3BTDFzte8NGgDEJWKvDCJ1jkDJ+scfGJo+kZZLSln/VCBX9CLFUqk txak5lMW18U2H0MCdG7q1oLkPTReFv/gvdBqEDgQkMFLtDTZtkPqqKnTcNB0tFWf J0TegWvEO+V3rVln+Uw2yTiSfKCtuy/kM2Y2qtM1K8ndW3chh6SpBw5oQvDAs+hd F8p4HkPpNTMFHoNtviBO8PF5El6/Dj6iCPtV4j2CzsDasFr8YfNNEq609deCV0VK fdj0CrsJrCR92Vsk1WPGzBL+MCXBBanJgEysAmPTlS9pSkeHGte9KwrRc0PTn4MX G33kgI7OgWa5N6oxB9IWcwof+MqIxo4eToehQ7kNXwwlUKA9meA8dl/6s0Id97wj aIxknmBh+dng2MpgBPJ2 =L5R9 -----END PGP SIGNATURE----- --Sig_/HB4lThJw/5aeGT45UWqpVZP--