Date: Sat, 19 Jan 2002 19:24:42 +0000 From: Mark Murray <mark@grondar.za> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Dag-Erling Smorgrav <des@ofug.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: For all who miss it, PAM changes explanation reposted Message-ID: <200201191924.g0JJOgt23714@grimreaper.grondar.org> In-Reply-To: <20020119190636.GE12683@nagual.pp.ru> ; from "Andrey A. Chernov" <ache@nagual.pp.ru> "Sat, 19 Jan 2002 22:06:36 %2B0300." References: <20020119190636.GE12683@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sat, Jan 19, 2002 at 18:53:59 +0000, Mark Murray wrote: > > > > Ok - read the document. It tells you which are allowable. You can read, > > you are a programmer - you are writing the code. Yo decide which is the > > most appropriate one (from the allowable list) and use that. > > From my point of view, the only appropriate for this case error code from > valid pam_sm_authenticate() error codes list in pam_modules.sgml is: > > <tag><tt/PAM_CRED_INSUFFICIENT/</tag> > For some reason the application does not have sufficient > credentials to authenticate the user. This means that "stuff" needed to authenticate the user is insufficient. (For example, in a two-password scenario where only one password has been supplied). If you can use that meaning, then fine! (Note that "insufficient" != "wrong"). If there is no return code to achieve the result that you need, you may need to come to terms with PAM not being able to do what you want. > All other codes looks even less appropriate as pam_opie() return. > But if you say that you like another code better, than my choice, I agree > with you. You have a clear idea of what you need to achieve - are you sure that PAM can do this? At this stage, it looks as though PAM (as documented) cannot. This may be a problem in its own right, in which case PAM (core PAM) needs to be fixed. If _that_ is the case, this this needs to be carefully thought out and co-ordinated through DES and myself. M -- o Mark Murray \_ FreeBSD Services Limited O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201191924.g0JJOgt23714>