[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAMified login?

"Theodore Y. Ts'o" writes:
>An example use of things you might put in the session module would be
>attaching a user's remote home directory, and then detaching it when the
>user logs out.

Of course, you only want to detach it on the *last* logout, so you need
some way to keep a usage count...

>The session close routine would also be the place where
>kerberos tickets that were fetched by the authentication module would be

And again, presumably you need a usage count, since I don't want
all my kerberos tickets destroyed because I logged in on another
virtual console briefly...

Thank you very much for the examples.  Knowing what things might
be session-oriented helps me tremendously.

This means that su *does* need to open and close sessions,
especially "su -".  And if "su -" does sessions, then a normal
su probably should also, since you might expect a user's home
directory to be available when you su'd even if you didn't ask
for a login su.  Having su session-oriented in all cases satisfies
the principle of least surprise.

Thanks!  I think I'll attack login next, and let init take care
of itself.


"Ever wonder why the SAME PEOPLE make up ALL the conspiracy theories?"

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []