
4. Security issues for module creation

To ensure that the authentication tokens are not left lying around, the items PAM_AUTHTOK and PAM_OLDAUTHTOK are reset to NULL when process control passes back to the application. This is an action of pam_get_user() and the last action of the functions pam_authenticate() and pam_chauthtok(). The module developer must ensure that both authentication tokens are reset to NULL (via two calls to pam_set_item()) before calling the application-supplied conversation function.
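The ordering described above, as an added example that is not code from this guide or from the PAM library: a hypothetical helper, converse_without_tokens(), resets both items with pam_set_item() before it invokes the application's conversation function. The pam_handle_t type, the item store, probe_conv() and demo_tokens_seen() are constructed stand-ins so the block builds without libpam; a real module includes <security/pam_modules.h> instead.

```c
#include <stddef.h>

/* Stand-ins for <security/pam_modules.h>: Linux-PAM signatures, mock item store. */
enum { PAM_SUCCESS = 0, PAM_CONV_ERR = 19, PAM_PROMPT_ECHO_OFF = 1,
       PAM_CONV = 5, PAM_AUTHTOK = 6, PAM_OLDAUTHTOK = 7 };
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
struct pam_conv { int (*conv)(int, const struct pam_message **,
                              struct pam_response **, void *); void *appdata_ptr; };
typedef struct { const void *items[8]; } pam_handle_t;
int pam_set_item(pam_handle_t *h, int t, const void *v) { h->items[t] = v; return PAM_SUCCESS; }
int pam_get_item(const pam_handle_t *h, int t, const void **v) { *v = h->items[t]; return PAM_SUCCESS; }

/* Hypothetical module helper: reset both tokens, then call the application. */
int converse_without_tokens(pam_handle_t *pamh, const char *prompt,
                            struct pam_response **resp) {
    const void *item = NULL; int rc;
    /* The two pam_set_item() calls, made before control leaves the module. */
    if ((rc = pam_set_item(pamh, PAM_AUTHTOK, NULL)) != PAM_SUCCESS) return rc;
    if ((rc = pam_set_item(pamh, PAM_OLDAUTHTOK, NULL)) != PAM_SUCCESS) return rc;
    if ((rc = pam_get_item(pamh, PAM_CONV, &item)) != PAM_SUCCESS) return rc;
    const struct pam_conv *conv = item;
    if (conv == NULL || conv->conv == NULL) return PAM_CONV_ERR;
    struct pam_message msg = { PAM_PROMPT_ECHO_OFF, prompt };
    const struct pam_message *msgp = &msg;
    return conv->conv(1, &msgp, resp, conv->appdata_ptr);
}

/* Constructed application callback: records how many tokens it can read. */
static int tokens_seen_by_app = -1;
static int probe_conv(int n, const struct pam_message **m,
                      struct pam_response **r, void *appdata) {
    const void *a = NULL, *o = NULL;
    (void)n; (void)m; (void)r;
    pam_get_item(appdata, PAM_AUTHTOK, &a);
    pam_get_item(appdata, PAM_OLDAUTHTOK, &o);
    tokens_seen_by_app = (a != NULL) + (o != NULL);
    return PAM_SUCCESS;
}

/* Constructed scenario: both tokens are set, then the module converses. */
int demo_tokens_seen(void) {
    pam_handle_t h = { { 0 } };
    struct pam_conv c = { probe_conv, &h };
    struct pam_response *resp = NULL;
    pam_set_item(&h, PAM_CONV, &c);
    pam_set_item(&h, PAM_AUTHTOK, "constructed-secret");
    pam_set_item(&h, PAM_OLDAUTHTOK, "constructed-old-secret");
    return converse_without_tokens(&h, "Password: ", &resp) == PAM_SUCCESS ? tokens_seen_by_app : -1;
}
```

The mock stores only pointers; it does not model how the real library copies or scrubs the old token value.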

