pam_userpass 1.0 reviewDownload
PAM has traditionally assumed that services doing authentication have the ability to interact with the user
PAM has traditionally assumed that services doing authentication have the ability to interact with the user. Unfortunately, this isn't true for services that implement non-interactive and/or fixed protocols, such as FTP and POP3.
This is typically worked around by making the flawed assumption that PAM_PROMPT_ECHO_ON requests the username and PAM_PROMPT_ECHO_OFF requests the password.
With pam_userpass, this assumption is no longer required. pam_userpass uses PAM binary prompts to ask the application for the username and password specifically.
pam_userpass doesn't perform any actual authentication. An actual authentication module should be stacked after pam_userpass and told to use the authentication token (password) provided by pam_userpass.
pam_userpass 1.0 keywords