Re: [PATCH] pam_exec questions and possible patch

From: Aaron Cohen (aaronassonance.org)
Date: Wed Mar 21 2007 - 18:10:14 CDT

Apologies, I sent a version of the patch that used the wrong name for
the environment variable. Here it is with the correct patch.


On 3/21/07, Aaron Cohen <aaronassonance.org> wrote:
> I'm currently trying to use pam_exec to call a script to synchronize
> my home directories with a central server and have come across a
> couple of issues.
> Firstly, does pam_exec make any sense outside of the "session" section
> of pam.conf? It seems slightly hairy to me, because for instance if
> it's in the auth section a user could cause a program to be executed
> by another user by only unsuccessfully attempting to log in as that
> user.
> Secondly, is there any way to distinguish in the exec'ed program that
> the session is being opened or closed? I've finally created a simple
> patch that defines a PAM_SESSION_ACTION environment variable in the
> executed subprocess so that my script can do the correct actions.
> Thirdly, does the seteuid option actually work correctly? It seems to
> me that it simply sets the effective user id to whatever the effective
> user id already was. My patch changes this by setting the effective
> userid of the subprocess to the user id of the user whose session is
> being created if this option is specified.
> Thanks,
> Aaron

Pam-list mailing list
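
An added example, not part of the original post or of the patch it refers to: a session hook for pam_exec that acts only when the session action is known and otherwise does nothing, which also covers the concern raised above about the module being run from the auth section. It assumes that `PAM_SESSION_ACTION` takes the values `open` and `close` and that the user name arrives in `PAM_USER`; the two sync functions are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not the patch from this thread.
# Assumptions: PAM_SESSION_ACTION is "open" or "close", and the user name is
# passed in PAM_USER. sync_home_down/sync_home_up are hypothetical stand-ins.

sync_home_down() { echo "pull home for $1"; }   # hypothetical: fetch from server
sync_home_up()   { echo "push home for $1"; }   # hypothetical: send to server

# Accept only conservative account names: letters, digits, '.', '_' and '-',
# not starting with '-' or '.', at most 32 characters.
valid_user() {
    case "$1" in
        ''|-*|.*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Returns 0 when a sync ran, 1 when the input was refused. Fails closed.
session_hook() {
    action=${PAM_SESSION_ACTION-}
    user=${PAM_USER-}
    valid_user "$user" || { echo "refusing user name" >&2; return 1; }
    case "$action" in
        open)  sync_home_down "$user" ;;
        close) sync_home_up "$user" ;;
        *)
            # Unset or unknown action: for instance the module was placed in
            # the auth section, where no session has been opened or closed.
            echo "no session action, doing nothing" >&2
            return 1 ;;
    esac
}

# As a pam_exec hook the script would end with:  session_hook; exit $?
```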