Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: Re: PAM session vs. auth
From: Steve Langasek (vorlonnetexpress.net)
Date: Mon Oct 09 2000 - 15:12:00 CDT
- Next message: Luke Howard: "Re: setcred, keychains.."
- Previous message: Dustin Puryear: "Re: PAM session vs. auth"
- In reply to: Dustin Puryear: "PAM session vs. auth"
- Reply: Steve Langasek: "Re: PAM session vs. auth"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 9 Oct 2000, Dustin Puryear wrote:
> I suppose by using the acct stack I get past the authentication issue
> entirely. However, can I assume that all services will actually use the
> acct stack? I know that at a minimum they will be using the auth stack,
> and that's why I went that route. It seems to me that the acct stack
> presents the same problem as the session stack--not everyone will use it.
While opening and closing a 'session' does not make sense for all
applications, it always makes sense for a PAMified application to call
pam_acct_mgmt(), as this is the module that does account authorization checks.
I've never seen an application that called pam_authenticate() but not
pam_acct_mgmt(), and I would be inclined to argue that an application that did
so was not properly PAMified, as it is this second function which checks for
things such as expired passwords.
Pam-list mailing list