[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: 'Credentials'

Ingo Luetkebohle wrote:
> Is there an explanation of what 'credentials' are and how they can differ
> between different modules?

The best description I can think of is that the user's credentials determine
the "identity" of the user.  The auth module contains a function for
challenging the user to identify him/herself, and then another function to
grant them all the attributes that are associated with this identity.

Credentials include things like (Kerberos) tickets.  The natural extension
of this is to make the setuid and initgroups calls part of this scheme,
however Sun have ruled that these two things are actually in the domain of
the application code. It is legitimate, however, for a module's credential
component to "append" groups to the user's supplementary group list.

Hope that helps.. It looks like it is getting time form me to look at
improving the documentation again...


               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []