|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Pam-list Digest, Vol 16, Issue 15
From: Andreas Schindler (schindler
az1.de)
Date: Mon Jun 27 2005 - 17:26:02 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Fabrizio,
let me add some comments:
>
> 1) I think the question is why after pam_start, the function
> pam_get_item(..., PAM_SERVICE,..), doesn't return the name of the real
> loaded service? I sow in the source of xscreensaver the same comment
> about this problem.
pam_get_item() on client side (what the user program calls) is not the
same as pam_get_item() you see on the module side (though it's in fact
much the same code). It returns to you (the user) willingly just what
you put in, _NOT_ what it makes from your input. Remember User/Modules
are quite like Client/Server.
However: if anybody outside konws a dirty trick to do this without a
SUID helper, please let me know, maybe alas we found the circle's
quadrature.
>
> 2) Yes. This was an option that I tried. But I saw that xscreensaver
> have the same problem, so it must be a solution without start a Sbit
> program (maybe?)!
>
Of cousrse this has to be a SUID helper program, because all the
PAM client calls run in the context of the calling user.
Regards Andreas
--
Dr.-Ing. Andreas Schindler
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
Telefon 06103-57187-21
Telefax 06103-373245
schindleraz1.de
www.az1.de
_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://www.redhat.com/mailman/listinfo/pam-list
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]