pam_unix, pam_putenv() and pam_getenv()
Jason Gerfen
jason.gerfen at scl.utah.edu
Tue Aug 4 16:27:40 UTC 2009
Steve Langasek wrote:
> On Mon, Aug 03, 2009 at 02:01:07PM -0600, Jason Gerfen wrote:
>> After a bit of researching I would like to clarify that utilizing the
>> pam_putenv() function would allow me to pass a UID/GID pair to the
>> pam_unix authentication module as long as the pam_unix module utilizes
>> the pam_getenv() function to recognize a valid UID/GID pair vs utilizing
>> the getpwnam() function.
>
> The pam_putenv()/pam_getenv() functions are used to set "environment"
> variables related to the PAM session, primarily with the expectation that
> these values will be exported to the process environment at the start of the
> PAM session by the service.
>
> There is no way in which pam_unix would look at the PAM environment for
> UID/GID values (nor should it).
>
Thats all I needed to know is that it shouldn't. I am assuming here but
I suppose it was decided that UID/GID information would be verified
using getnent functionality vs. passing this information along within
the pam stack such as nss_ldap correct?
--
Jas
"Tomorrow isn't promised so we live for today"
More information about the Pam-list
mailing list