[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [mituc@iasi.rdsnet.ro: pam limits drops privileges]



>Problem is: PAM_USER can be changed by the modules, so having a global
>pw buf is asking for trouble unless the modules will change that when
>they change PAM_USER. Also, not all modules will need to do
>getpwnam_r(). And, this would be adding a new API of sorts.

Applications should re-check PAM_USER after calling pam_authenticate()
(and, obviously, call getpwnam() again if they need to). This allows
template users to be supported a la FreeBSD (login as some arbitary
account name understood by the PAM module, but actually be mapped
to a UNIX account for POSIX and authorization purposes... lets you
deal with virtual users more easily).

-- Luke

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []