Place to call pam_loginuid in the pam session stack

Daniel J Walsh dwalsh at redhat.com
Tue Apr 22 20:10:46 UTC 2014


On 04/22/2014 02:59 PM, Steve Grubb wrote:
> On Tuesday, April 22, 2014 07:30:44 PM Laurent Bigonville wrote:
>> Hello,
>>
>> This is maybe a dumb question, but is there any preferred place in the
>> pam session stack to call pam_loginuid?
>>
>> Is it preferable to call it just after "pam_selinux close" or is any
>> place OK? I guess the sooner the better so the needed information is
>> present to audit what the other pam modules are doing?
> I think that as long as it's set before a user can cause any action to occur on 
> their behalf is all that is required. If there is a pam module that looks in a 
> user's home directory for settings and then does something based on that, then 
> you'd need to set it before that module.
>
> -Steve
>
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
Well that is the goal of pam_selinux open also.  So it should either be
right before or right after. 
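
An added example, not part of the original thread: a small Python check that reads a PAM service file's session stack, lists which modules run before pam_loginuid, and reports whether it sits directly before or after "pam_selinux open" as suggested above. The sample stack and the function names are constructed for illustration; include/substack lines are not followed.

```python
import re

# Constructed sample of a PAM service file's session stack (not from the thread).
SAMPLE = """\
#%PAM-1.0
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
-session   optional     pam_systemd.so
"""

# type, control (plain word or [bracketed list]), module path, arguments
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def session_stack(text):
    """Return [(module, args)] for the session entries, in file order."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) != "session":
            continue
        if m.group(2) in ("include", "substack"):
            continue  # nested stacks are not followed in this example
        stack.append((m.group(3).rsplit("/", 1)[-1], m.group(4).split()))
    return stack


def check_loginuid(text):
    """Report where pam_loginuid sits relative to the rest of the session stack."""
    stack = session_stack(text)
    names = [mod for mod, _ in stack]
    if "pam_loginuid.so" not in names:
        return {"index": None, "runs_before": names, "next_to_selinux_open": False}
    i = names.index("pam_loginuid.so")
    neighbours = stack[max(i - 1, 0):i] + stack[i + 1:i + 2]
    return {
        "index": i,
        # everything listed here executes before the loginuid is set
        "runs_before": names[:i],
        "next_to_selinux_open": any(
            mod == "pam_selinux.so" and "open" in args for mod, args in neighbours
        ),
    }


if __name__ == "__main__":
    print(check_loginuid(SAMPLE))
```

Any module reported in runs_before that acts on user-controlled settings is one that would need to move below pam_loginuid.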



