Open apoliakov opened 2 years ago
Hi,
We have some use cases where, instead of passing a "regular" password, we pass an auth token to pam and then use pam_exec to validate the token. These tokens can be larger than 512 bytes. 800 or so. That runs into these two limits: https://github.com/linux-pam/linux-pam/blob/510e825ef130a843663115ec510b1237ea4708f4/libpam/include/security/_pam_types.h#L241
We tested with this edit:
#libpam/include/security/_pam_types.h:#define PAM_MAX_MSG_SIZE 1024
#libpam/include/security/_pam_types.h:#define PAM_MAX_RESP_SIZE 1024
and that works quite well. Doesn't seem to cause any issues on modern systems.
Would you be OK making this change the default in future releases? So we can avoid recompiling. Thanks!
We had a similar request for RHEL and I'm wondering if we could make these two parameters configurable so that further changes are more easily made.
Should be same value as PAM_MISC_CONV_BUFSIZE