From owner-cvs-all  Sat Jan 23 18:59:55 1999
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA27124
          for cvs-all-outgoing; Sat, 23 Jan 1999 18:59:55 -0800 (PST)
          (envelope-from owner-cvs-all@FreeBSD.ORG)
Received: from korin.warman.org.pl (korin.nask.waw.pl [195.187.243.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA27116;
          Sat, 23 Jan 1999 18:59:52 -0800 (PST)
          (envelope-from abial@nask.pl)
Received: from localhost (abial@localhost)
	by korin.warman.org.pl (8.9.1/8.8.5) with SMTP id EAA15421;
	Sun, 24 Jan 1999 04:04:38 +0100 (CET)
X-Authentication-Warning: korin.warman.org.pl: abial owned process doing -bs
Date: Sun, 24 Jan 1999 04:04:37 +0100 (CET)
From: Andrzej Bialecki <abial@nask.pl>
X-Sender: abial@korin.warman.org.pl
To: Peter Wemm <peter@netplex.com.au>
cc: Mark Murray <mark@grondar.za>, Sheldon Hearn <axl@iafrica.com>,
        brandon@FreeBSD.ORG, committers@FreeBSD.ORG
Subject: Re: New crypt code is not sucessful 
In-Reply-To: <199901240216.KAA01228@spinner.netplex.com.au>
Message-ID: <Pine.BSF.4.02A.9901240356330.14247-100000@korin.warman.org.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

On Sun, 24 Jan 1999, Peter Wemm wrote:

> Andrzej Bialecki wrote:
> > On Sun, 24 Jan 1999, Peter Wemm wrote:
> > 
> > > Speaking of rehashing..  I wonder what the chances of having the password 
> > > verification stages of login (or PAM) rehashing the passwords on a 
> > > successful login would be?
> > 
> > If I'm not mistaken, it's only a matter of writing a PAM module that would
> > do this.
> 
> As I understand it, it has to be done by the module that actually asked for
> and got the password.  Adding an extra module in the sequence would (I
> believe) mean that it would have to ask for the password again.. I think..
> It depends on whether there is any caching, and at what level the cache is
> held.

Again, if I'm not mistaken ;) you can call directly the next module in
chain from inside the rewriting module. The caching would be done in the
rewriting module then:

...
getpass
 -> pam_rehash:
    check format
    -> (needs rehashing): call the old handler to check it, then convert
    -> (doesn't need): call the new handler directly
    return code
...

Andrzej Bialecki

--------------------   ++-------++  -------------------------------------
 <abial@nask.pl>       ||PicoBSD||   FreeBSD in your pocket? Go and see:
 Research & Academic   |+-------+|       "Small & Embedded FreeBSD"
 Network in Poland     | |TT~~~| |    http://www.freebsd.org/~picobsd/
--------------------   ~-+==---+-+  -------------------------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message