pam_script vs pam_exec?

Question

pam_script vs pam_exec?

Opened this issue 3 years ago · 1 comments

These days it appears that pam_exec comes bundled with PAM on Linux.

Why should i use pam_script instead of pam_exec? Does it have advantages? Is it because pam_exec is not available elsewhere?

The fact that with pam_exec PAM_AUTHTOK is passed via stdin instead of the environment (and only when enabled via a parameter) makes it appear to be safer than pam_script. Perhaps you should switch to that mechanism, too?

Answer 1 · 2022-09-13T07:56:57.000Z

looks about the same？