On Sat, Jul 05, 2003 at 05:40:53AM +0900, Samuel Tesla wrote:
> All I'm really trying to figure out is how to write the conversation
> function.  Since it's going to be a CGI, I can't write an interactive
> conversation function (which is kind of what PAM assumes).

Why not?

Just use the broken design of PAM in the way everyone else does. If you look
at most PAM clients they use the following logic:

- in response to PAM_PROMPT_ECHO_ON send the username
- in response to PAM_PROMPT_ECHO_OFF send the password

Stupid and completely defeats the design objectives of PAM, but (say) a POP3
server can't use it in any other way in any case.

If PAM supported SASL then it might have some use. Otherwise there are few
things which properly support an 'interactive conversation function' in the
way that PAM requires - telnet is OK of course, ssh
KbdInteractiveAuthentication and radius Access-Challenge are the only ones I
can think of.

Regards,

Brian.