[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Passing information from app to module by pam_*env
- From: Tobias Heide <tucks gmx de>
- To: Pluggable Authentication Modules <pam-list redhat com>
- Subject: Re: Passing information from app to module by pam_*env
- Date: Wed, 05 Sep 2007 13:34:41 +0200
Steve Langasek schrieb:
> If you have to code both your app and your module to exchange extra
> information, then it's no longer very "pluggable", is it?
Note: only the application passes data to the module, not the other way
round. The module should have the ability to make more granular
authorisation decisions. ("Shall user X be granted to access Port 80 of
Host Y?"). I just want to pass the information, that the requested
"resource" is Port 80 of Host Y.
> When a module needs additional information in order to do its job, it's
> expected that the module will use the conversation function provided
by the
> app in order to request this information from the user in some fashion.
The problem with that is, that most existing applications simply send
the password, when PAM_PROMPT_ECHO_OFF is sent to them. So I would have
to add new messages to the PAM library. I don't think, that's cool.
Thanks so long,
tobi
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]