Login PAM interaction suspect
David Mitton
david at mitton.com
Wed Nov 16 21:43:15 UTC 2011
Quoting Nicolas François <nekral.lists at gmail.com>:
> Hello,
>
> On Wed, Nov 16, 2011 at 10:38:55AM -0500, David Mitton wrote:
>>
>> This was discussed in some other forum (which I lost my breadcrumbs to).
>> It's moot to me, as I currently don't plan on changing that value.
>> But login should not assume that getpwnam(PAM_USER) will work until
>> committed with a setcred.
>
> OK. I see your point and getpwnam() should be delayed as much as possible.
>
> However, login is required to setuid(<UID>) / setgid(<GID>) before
> setcred, and <UID> or <GID> can only be found using getpwnam(PAM_USER).
Why would that be? and where is it written?
Thanks
>
> Best Regards,
> --
> Nekral
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
More information about the Pam-list
mailing list