Pam-list Digest, Vol 16, Issue 15
Andreas Schindler
schindler at az1.de
Mon Jun 27 22:26:02 UTC 2005
Fabrizio,
let me add some comments:
>
> 1) I think the question is why after pam_start, the function
> pam_get_item(..., PAM_SERVICE,..), doesn't return the name of the real
> loaded service? I sow in the source of xscreensaver the same comment
> about this problem.
pam_get_item() on client side (what the user program calls) is not the
same as pam_get_item() you see on the module side (though it's in fact
much the same code). It returns to you (the user) willingly just what
you put in, _NOT_ what it makes from your input. Remember User/Modules
are quite like Client/Server.
However: if anybody outside konws a dirty trick to do this without a
SUID helper, please let me know, maybe alas we found the circle's
quadrature.
>
> 2) Yes. This was an option that I tried. But I saw that xscreensaver
> have the same problem, so it must be a solution without start a Sbit
> program (maybe?)!
>
Of cousrse this has to be a SUID helper program, because all the
PAM client calls run in the context of the calling user.
Regards Andreas
--
Dr.-Ing. Andreas Schindler
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
Telefon 06103-57187-21
Telefax 06103-373245
schindler at az1.de
www.az1.de
More information about the Pam-list
mailing list