Pam-list Digest, Vol 16, Issue 13
Muscarella, Fabrizio
fabrizio.muscarella at sap.com
Mon Jun 27 07:26:03 UTC 2005
Hi Andreas,
First thank you for your answer.
1) I think the question is why after pam_start, the function
pam_get_item(..., PAM_SERVICE,..), doesn't return the name of the real
loaded service? I sow in the source of xscreensaver the same comment
about this problem.
2) Yes. This was an option that I tried. But I saw that xscreensaver
have the same problem, so it must be a solution without start a Sbit
program (maybe?)!
Thanks & Regards,
Fabrizio
-----Original Message-----
From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]
On Behalf Of Andreas Schindler
Sent: Saturday, June 25, 2005 1:36 PM
To: pam-list at redhat.com
Subject: Re: Pam-list Digest, Vol 16, Issue 13
Fabrizio,
> 1) I want to find out if a specific pam-service is installed or not.
In my opinion, what yo're trying to do is contradictionary to the API
approach of PAM altogether. The authenticating client should know
nothing about the internals of the PAM module stack. Binding to some
special PAM module will make it impossible to the administrator to
change anything at later time.
> 2)I want to authenticate the user running the process. But
unfortunately
Change from plain vanilla pam_unix to a more sophisticated module
(pam_unix2 or so?). What you need is a little SUID-root helper program
called from the pam_unix* module to deal with the shadow suite.
Regards, Andreas
--
Dr.-Ing. Andreas Schindler
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
Telefon 06103-57187-21
Telefax 06103-373245
schindler at az1.de
www.az1.de
_______________________________________________
Pam-list mailing list
Pam-list at redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
More information about the Pam-list
mailing list