|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: PAM session vs. auth
From: Steve Langasek (vorlon
netexpress.net)Date: Mon Oct 09 2000 - 15:12:00 CDT
- Next message: Luke Howard: "Re: setcred, keychains.."
- Previous message: Dustin Puryear: "Re: PAM session vs. auth"
- In reply to: Dustin Puryear: "PAM session vs. auth"
- Reply: Steve Langasek: "Re: PAM session vs. auth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 9 Oct 2000, Dustin Puryear wrote:
> I suppose by using the acct stack I get past the authentication issue
> entirely. However, can I assume that all services will actually use the
> acct stack? I know that at a minimum they will be using the auth stack,
> and that's why I went that route. It seems to me that the acct stack
> presents the same problem as the session stack--not everyone will use it.
While opening and closing a 'session' does not make sense for all
applications, it always makes sense for a PAMified application to call
pam_acct_mgmt(), as this is the module that does account authorization checks.
I've never seen an application that called pam_authenticate() but not
pam_acct_mgmt(), and I would be inclined to argue that an application that did
so was not properly PAMified, as it is this second function which checks for
things such as expired passwords.
Steve Langasek
postmodern programmer
_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
- Next message: Luke Howard: "Re: setcred, keychains.."
- Previous message: Dustin Puryear: "Re: PAM session vs. auth"
- In reply to: Dustin Puryear: "PAM session vs. auth"
- Reply: Steve Langasek: "Re: PAM session vs. auth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]