[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAMified login?

Michael K. Johnson:
> Visible in what sense?  pstree is different?  Yeah...  So?
> Does it ever make a difference?

The command run from su is no longer the same process as su
itself.  There may be some subtle issues with exit status,
wait(), SIGCHLD etc.  With su, we don't have a process like
init or telnetd to close our session.  Maybe it does make
a difference, maybe not.  Let's ask Sun...

One idea (not sure good or bad): a daemon to keep track of
such sessions (defined as the lifetime of the process),
which listens on a fifo or socket, and scans the process
table periodically: if the process no longer exists, the
session is removed using pam_close_session().  Something
like Sun's utmpd (too bad it is completely undocumented).

> Oh.  I thought it followed the same format as something in
> shadow, and thought it was related.

It is similar, only slightly different format and different
file name.  It may be possible to modify logoutd to work with
the new format as long as the old one is still supported for
compatibility - patches are welcome :-).

> OK, I should say this: I'm currently busy adding shadow support
> to applications.  I thought that you joined the PAM effort because
> you wanted to add shadow support to PAM; your words were:

And I did, the pam_unix module does support shadow passwords
(no nice/fascist features like password aging though - yet).

> I shouldn't have said that I can't help; I didn't mean that exactly.
> I thought that you were working on it and I meant that in that case
> since you know the code and I don't, I would be more of a hindrance
> than a help in doing the work.

OK, no problem.  Anyway, if anyone feels like sending me some
PAM patches for the shadow suite, or writing PAM modules to
implement some of its features - feel free go ahead and do it.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []