Joerg Sonnenberger wrote:
On Mon, Mar 08, 2010 at 04:05:29PM -0500, Richard Hansen wrote:Joerg Sonnenberger wrote:On Mon, Mar 08, 2010 at 03:16:29PM -0500, Richard Hansen wrote:There's at least one other way pam_start() can fail: if you misspell the name of a pam module in an /etc/pam.d file. (Can you guess how I originally stumbled across the segfault? :-P) A "module not found" message would be useful.Yes, but that error is not send down in any meaningful way.I'm not sure what you mean -- passwd prints the error message to stderr. Other apps might not have a useful way to deliver the error message to the user, but that's for the apps to figure out.Anything more than a plain number and fixed error message is not possible with the constraints of the interface.
I'm sorry, I'm still not following. Are you arguing that pam_strerror() isn't needed for pam_start() failures because there's no useful information to convey to the user?
So Sun at least documents that pam_strerror(3) can be called explicitly with NULL as handle if pam_start(3) failed. XSSO is silent on the topic, but it is the most sensible behavior.
Agreed. -Richard