
Re: pam_session bug?



On Mon, 18 May 1998, Savochkin Andrey Vladimirovich wrote:

> Do people agree on it?
> 
> Derrick, could you explain what you expect from an application
> concerning pam_setcred and pam_authenticate?

I use pam_authenticate in the kerberos module to check a password. it
doesn't write out a ticket file, because it's only authenticating, not
setting credentials. actually, it does write one out, but it's
immediately sucked into a pam variable and nuked. *if* the setcred half
of the kerberos module is called, this is written back out. there seems to
be little point in creating unnecessary load on the kerberos kdc to
re-request the ticket when the original, which you need to get to
authenticate anyhow, already got one, but given that pam_authenticate's
job isn't to set credentials, i don't feel "correct" in leaving that
ticket file around. Maybe there's something I'm missing, but this seems
intuitive to me. 

> Sorry, it's not clear for me what behavior of 'init' is spoken about.

login does open_session and exits. later, when you log out, init comes by
and does close_session.

> If pam_close_session() were called from the different application
> how it would be possible to pass to the call the same pamh handle?

therein lies the rub.

-D



