Re: [PATCH] pam_exec questions and possible patch

From: Aaron Cohen (aaronassonance.org)
Date: Wed Mar 21 2007 - 18:10:14 CDT


Apologies, I sent a version of the patch that used the wrong name for
the environment variable. Here it is with the correct patch.

Aaron

On 3/21/07, Aaron Cohen <aaronassonance.org> wrote:
> I'm currently trying to use pam_exec to call a script to synchronize
> my home directories with a central server and have come across a
> couple of issues.
>
> Firstly, does pam_exec make any sense outside of the "session" section
> of pam.conf? It seems slightly hairy to me, because for instance if
> it's in the auth section a user could cause a program to be executed
> by another user by only unsuccessfully attempting to log in as that
> user.
>
> Secondly, is there any way to distinguish in the exec'ed program that
> the session is being opened or closed? I've finally created a simple
> patch that defines a PAM_SESSION_ACTION environment variable in the
> executed subprocess so that my script can do the correct actions.
>
> Thirdly, does the seteuid option actually work correctly? It seems to
> me that it simply sets the effective user id to whatever the effective
> user id already was. My patch changes this by setting the effective
> userid of the subprocess to the user id of the user whose session is
> being created if this option is specified.
>
> Thanks,
> Aaron
>
>

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://www.redhat.com/mailman/listinfo/pam-list
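
A session hook that handles the first two questions in the thread on the script side, as an added example that is not part of the original message or its patch. It assumes the `PAM_TYPE` and `PAM_USER` variables that current Linux-PAM's pam_exec exports, not the variable name from the patch; `hook_action` and `run_hook` are hypothetical names, and the sync command is whatever is passed to `run_hook`.

```shell
#!/bin/sh
# Added example: defensive dispatch for a script run by pam_exec.
# Assumption: pam_exec exports PAM_TYPE (auth, account, password,
# open_session, close_session) and PAM_USER to the command it runs.

# Print "pull", "push" or "skip" for this invocation.
# Return non-zero when the user name must not be used.
hook_action() {
    pam_type=$1
    pam_user=$2

    # Act only on session events. In the auth stack the script would run
    # on every login attempt, including failed attempts for another user.
    case $pam_type in
        open_session)  action=pull ;;
        close_session) action=push ;;
        *) echo skip; return 0 ;;
    esac

    # PAM_USER is the name supplied at login. Accept only a conservative
    # account-name pattern before it is used to build a path.
    case $pam_user in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    case $pam_user in
        .|..) return 1 ;;
    esac

    echo "$action"
}

# Run the sync command given as arguments with "<action> <user>" appended.
run_hook() {
    action=$(hook_action "${PAM_TYPE:-}" "${PAM_USER:-}") || {
        echo "pam hook: rejected PAM_USER" >&2
        return 1
    }
    if [ "$action" = skip ]; then
        return 0
    fi
    "$@" "$action" "$PAM_USER"
}
```

In a deployed script the last line would be a call such as `run_hook /path/to/sync-command`, where the path is a placeholder for the site's own synchronization tool.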