(please note that I am not subscribed to current-users, so please Cc me 
on replies - thansk)

Dag-Erling Smørgrav wrote:
> Damien Miller <djm@mindrot.org> writes:
> 
>>3. Differences between vendors' implementations. Solaris PAM passes 
>>message arguments differently to LinuxPAM and OpenPAM.
> 
> No, it does not.

Then why have we had to use PAM_MSG_MEMBER hacks in portable OpenSSH
for over three years?

Solaris PAM (at least historically) has passed the prompts to a
conversation function as a pointer to an array of struct pam_message.
Linux PAM and OpenPAM pass prompts as an array of pointers to struct
pam_message.

The PAM spec is silent on the meanings of the arguments to the
conversation function (a really sad state of affairs for a security
technology). Worse, I haven't seen the various PAM vendors make any
serious effort to work out the inconsistencies or work on a unified
portability document - I'd love to see one if it exists.

 > I have the source code in front of me.

Which source code? The Sun sample pam module, which dodges the issue
by only generating a single prompt?

-d