[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Module configuration



Hello, I have written a PAM (should I say "PAM" or "PAM module"?) that will send an alert when a given user logs into the system. However, I am a bit confused as to how to configure when the module should be used by PAM.

I want the module to only run if the user has already been authenticated. At first I considered using the following as the configuration line:

auth optional /lib/security/pam_login_alert.so

But that will generate an alert even if the user is not authenticated via pam_unix.so or something similar. (My module returns PAM_IGNORE.)

I then considered using the module only when a session is opened via:

session optional /lib/security/pam_login_alert.so

But I'm not sure if every application will actually open a session. This means that the module may not be invoked even if the user is actually authenticated for the service.

What is the best way to do this? Suggestions are appreciated.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []