[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: xlockmore (pam)



Theodore Y. Ts'o wrote:
> 
>    Date: Mon, 9 Sep 1996 15:19:36 -0400 (EDT)
>    From: Elliot Lee <sopwith@cuc.edu>
> 
>    The problem is defining a std interface to this program that will work
>    with a number of different auth methods. What about shadowed MD5 passwords
>    when they are kept in a separate file, for example? Or a custom
>    authentication database engine which only allows accesses from specific
>    users? 
> 
> The official interface should be the PAM module.  The PAM module can
> define whatever interface it wants to its helper program which will be
> setuid.  I don't see any reason why we need to set an interface there;
> we can have multiple modules with different helper programs and
> different interfaces to that helper program.

I agree. The helper executable should be defined with respect to the
module. The interface is a private thing between the module and the
helper function. In the case of shadow it is assumed that the helper
function should be setuid root (or setgid shadow) this might not be
the *minimum* necessary or appropriate privilege for another module's
authentication scheme.

As for resources, it is probably a rule of thumb that the complexity
of the application grows with its size and the larger an application
is, the less likely it is to be verifiably secure. Hence helper
executables are most likely to be needed in the case of larger
applications. In other words, with minimal system resources users
won't be running such large and untrustworthy applications, so we
don't really need to worry about the overhead of loading a small
helper executable. ;^) [unfair?]

As for knowing the authentication scheme of the calling module the
helper executable could use PAM(!). Here is a sketch of a helper
executable:

	conversation()
	{
		/* ignore? all output requests */
		/* for input requests read stdin */
	}

	main(argc, argv)
	{
		argc/v -> service-name of parent application
		uid of parent-process -> username of user

		pam_start(service, user, conversation);
		retval = pam_authenticate( PAM_SILENT );
		pam_end();
		if (retval == PAM_SUCCESS)
			exit(0);
		else
			exit(1);
	}

If people want, I can make such a helper executable for pam_unix and
include it in the next release.

Regards

Andrew



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []