Login PAM interaction suspect

Nicolas François nekral.lists at gmail.com
Wed Nov 16 18:57:06 UTC 2011


Hello,

On Wed, Nov 16, 2011 at 10:38:55AM -0500, David Mitton wrote:
> 
> This was discussed in some other forum (which I lost my breadcrumbs to).
> It's moot to me, as I currently don't plan on changing that value.
> But login should not assume that  getpwnam(PAM_USER) will work until
> committed with a setcred.

OK. I see your point and getpwnam() should be delayed as much as possible.

However, login is required to setuid(<UID>) / setgid(<GID>) before
setcred, and <UID> or <GID> can only be found using getpwnam(PAM_USER).

Best Regards,
-- 
Nekral




More information about the Pam-list mailing list