[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_session bug?



On Wed, May 06, 1998 at 10:21:40AM -0400, Derrick J Brashear wrote:
> On Tue, 5 May 1998, Andrew Morgan wrote:
> 
> > An interesting point.  However, the last thing I heard, PAM
> > development had ceased at Sun.  I'd very much like to hear something
> > to the contrary.
> 
> I don't know if it has or not, but as I've said before: right now I can
> write a module which works under Solaris directly or under Linux-PAM. I
> can probably write a module which works under HP-UX 10, but we have no
> HP-UX 10 boxes here. This is extremely useful. While I see the need for
> moving forward, I'd realy prefer not to lose this, since, among other
> things, for my job I'm now using this...

Could you check the kernel credentials with which different
PAM functions are called under Solaris?

I'm mostly interesting in uid, euid, gid, egid and supplementary groups
for calls pam_open_session, pam_setcred(PAM_ESTABLISH_CRED),
pam_setcred(PAM_DELETE_CRED), and pam_close_session
when you do for example "su - user" with the original and the target
users being not root. The test could be performed easily by plugging
a module which prints the information.

Now we can't say that the compatibility is present because
we aren't sure that the policy of setting kernel credentials
when pam_sm_setcred module function is called
differs under Linux and Solaris.

Regards
					Andrey V.
					Savochkin



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []