Re: 'Credentials'

On Mon, 3 Mar 1997, Andrew G. Morgan wrote:
> Credentials include things like (Kerberos) tickets.  The natural extension
> of this is to make the setuid and initgroups calls part of this scheme,
> however Sun have ruled that these two things are actually in the domain of
> the application code. It is legitimate, however, for a module's credential
> component to "append" groups to the user's supplementary group list.

I gather that as an application writer providing 'login like' services,
the last step I'd have to do is call the credential granting functions. I
have to get the primary group and uid myself (through pwdb, for example) 
and set it using standard library calls.

> Hope that helps..

It surely did. Thanks a lot! 

> It looks like it is getting time for me to look at
> improving the documentation again...

IMHO the description of the functions itself is quite good. A glossary to
explain some words would be nice, though. For example, I could guess what
credentials are, but I wasn't sure. It would also be good to extend the
section that says what an application writer has to do. Currently, it only
talks about the bare minimum, but from the last mails I get the impression
that a mention of pam_acct_mgmt and the credential setting functions would
be good. It might also be helpful to explicitly tell users what PAM does
_not_ do to prevent confusion.
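The division of labour discussed in this thread, as an added C example that is not part of the original message or of the PAM sources: the application looks up the uid and primary group and sets them itself, and the credential step runs while the process is still privileged so that a module can append supplementary groups. The names `become_user`, `cred_hook` and the `BU_*` codes are hypothetical; the hook stands in for the application's own wrapper around `pam_setcred(pamh, PAM_ESTABLISH_CRED)`.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes initgroups() on glibc */
#endif
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stddef.h>
#include <unistd.h>

/* Hypothetical hook: stands in for the PAM credential call, e.g. a wrapper
 * around pam_setcred(pamh, PAM_ESTABLISH_CRED). Returns 0 on success. */
typedef int (*cred_hook)(void *ctx);

enum { BU_OK = 0, BU_NOUSER = -1, BU_GROUPS = -2, BU_CRED = -3,
       BU_SETGID = -4, BU_SETUID = -5, BU_STILL_ROOT = -6 };

/* Become `user` once authentication and account checks have succeeded.
 * Every step is checked; on any failure the caller must not start a session. */
int become_user(const char *user, cred_hook set_creds, void *ctx)
{
    struct passwd *pw;

    if (user == NULL || (pw = getpwnam(user)) == NULL)
        return BU_NOUSER;
    /* Copy the ids: the static passwd buffer may be reused inside the hook. */
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;

    /* 1. Base supplementary groups from the group database (application's job). */
    if (initgroups(user, gid) != 0)
        return BU_GROUPS;
    /* 2. Credential modules run while still privileged: tickets, appended groups. */
    if (set_creds != NULL && set_creds(ctx) != 0)
        return BU_CRED;
    /* 3. Primary group first, uid last: setuid() gives up the right to do the rest. */
    if (setgid(gid) != 0)
        return BU_SETGID;
    if (setuid(uid) != 0)
        return BU_SETUID;
    /* 4. A non-root target must not be able to get root back. */
    if (uid != 0 && setuid(0) == 0)
        return BU_STILL_ROOT;
    return BU_OK;
}
int main(int argc, char **argv)
{
    /* NULL hook here; a real caller passes its pam_setcred() wrapper. */
    return argc == 2 ? -become_user(argv[1], NULL, NULL) : 64;
}
```

Run as an unprivileged user, the function stops at `BU_GROUPS`, because `initgroups()` needs the privilege that a login-like service still holds at this point.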


