[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Passing information from app to module by pam_*env

On Tue, Sep 04, 2007 at 12:41:16PM +0200, Tobias Heide wrote:
> I hope, my posting won't arrive twice, because I first used a wrong
> Sender-Address...

> I am about to implement a XACML-PAM-Module for a student research
> project. As a test-application I have to use a SOCKS5-Server, which
> already has some basic PAM-Support (Dante).

> But: I want to pass information from the Server to the PAM-Module, e.g.
> the destination address of the request. The PAM-Module should then pass
> this information to the XACML-"Server". The general goal is, to have
> more information to make the authorisation-decision.

> I plan to pass this information by pam_*env-functions. Is this a safe
> way? Are there any objections? I could not find any module that makes
> use of these functions, so I thought it might not be recommended?

If you have to code both your app and your module to exchange extra
information, then it's no longer very "pluggable", is it?

When a module needs additional information in order to do its job, it's
expected that the module will use the conversation function provided by the
app in order to request this information from the user in some fashion.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon debian org                                   http://www.debian.org/

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]