|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Aaron Cohen (aaron
assonance.org)
Date: Wed Mar 21 2007 - 18:10:14 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Apologies, I sent a version of the patch that used the wrong name for
the environment variable. Here it is with the correct patch.
Aaron
On 3/21/07, Aaron Cohen <aaronassonance.org> wrote:
> I'm currently trying to use pam_exec to call a script to synchronize
> my home directories with a central server and have come across a
> couple of issues.
>
> Firstly, does pam_exec make any sense outside of the "session" section
> of pam.conf? It seems slightly hairy to me, because for instance if
> it's in the auth section a user could cause a program to be executed
> by another user by only unsuccessfully attempting to log in as that
> user.
>
> Secondly, is there any way to distinguish in the exec'ed program that
> the session is being opened or closed? I've finally created a simple
> patch that defines a PAM_SESSION_ACTION environment variable in the
> executed subprocess so that my script can do the correct actions.
>
> Thirdly, does the seteuid option actually work correctly? It seems to
> me that it simply sets the effective user id to whatever the effective
> user id already was. My patch changes this by setting the effective
> userid of the subprocess to the user id of the user who's session is
> being created if this option is specified.
>
> Thanks,
> Aaron
>
>
_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://www.redhat.com/mailman/listinfo/pam-list
- text/x-patch attachment: pam_exec.patch
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]