[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Success/Fail bug when calling modules more than once?



On Thu, Jul 11, 2002 at 12:04:38PM -0700, Cole, John wrote:
> Andrew> ... confusing itself (it might be trampling 
> Andrew> on its own pam_[gs]et_data() items for example...?).
> 
> Nalin> Actually, it likely does confuse itself in this way (it stores the
> Nalin> previous authentication request's status and returns it to ensure the
> Nalin> stack is always traversed the same way, though it shouldn't be
> necessary
> Nalin> with Linux-PAM >= 0.74 or so).
> 
> Nalin> I'm not sure what the best way to go about fixing that is, though.
> 
> Makes sense.  I just downloaded the module's code and was looking at it a
> little, and was coming to the same conclusion.  [Can you update the module
> documentation to indicate this might be a problem?]

Sure, but I'd prefer to just fix it. :)

> Nalin, what's your feeling about supporting a list of realms to check on a
> single call to the module?  That's ultimately what I'd like to do, and in my
> case, would sidestep the issue of how to fix multiple calls to the module.
> 
> My thought on this would be allowing a list of realms to check, such as
> realm=A.CORP.COM;B.CORP.COM and when a success is found, stop checking.
> 
> If this seemed a good approach, I'll pursue it.  Feel free to take this
> offlist if we're going outside scope.

I have no idea if this is off-topic for the mailing list or not, so
unless someone complains I'm happy to continue here.

I'm leery of using a list of realms in this way because user bob might
get mapped to bob@B.CORP.COM one day and bob@A.CORP.COM the next,
without the system administrator's knowledge.

I think using separate areas for storing the state (by making the names
of data items used include the principal's name) would fix this pretty
cleanly.

I'm (still) in the process of merging a patch for improving the Heimdal
support that the Debian maintainer was kind enough to send me, but I'll
have to bump the two changes to the top of my to-do list.

Nalin





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []