On Sun, Jul 02, 2006 at 10:11:37AM -0600, Vincent Danen wrote: > I suppose the passwd > program would make sure the two entered passwords are identical and then > hand that password off to pam_tcb). That's not how things work. The PAM conversation function provided by the passwd program receives multiple echo-off input prompts from the PAM stack. It does not know which of those prompts are for the new password, nor does it care. In fact, for a text terminal interface, the passwd program may provide the standard PAM conversation function from libpam_misc rather than bother with its own implementation. With the configuration you had posted, the two new password prompts originate from pam_passwdqc. If you remove pam_passwdqc from the stack and also remove the use_authtok option from pam_tcb, then the prompts will originate from pam_tcb. As it relates to the segfault you're seeing, I think it'd be most straightforward to debug it rather than proceed to theorize as to its possible cause. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments
This archive was generated by hypermail 2.1.3 : Sun Jul 02 2006 - 18:06:09 PDT