[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Does pam_env.so work?



On Wed, 4 Nov 1998, Derrick J Brashear wrote:

> > > Seth Chaiklin wrote:
> > > > auth       required   pam_nologin.so
> > > > auth       required   pam_securetty.so
> > > > auth       sufficient pam_unix_auth.so
> > > > auth       required   pam_nw_auth.so PSY
> > > > auth       required   pam_env.so debug
> > > 
> Easy. pam_env (presumably) sets variables in the set_cred step. The unix
> set_cred is sufficient (and succeeds) and so the pam_env one never gets
> hit..

Ok.  Now my understanding of PAM's module stacking has changed from an
"in-theory" idea that I have read and "understood" to a working (uh,
better-working) understanding.  

But then Andrew's point that the problem arose because pam_unix_auth is 
sufficient, sent me off to test my new-won understanding.

As I understand, if pam_unix_auth succeeds, then login does not go 
any further in configuration file if it succeds, so it is necessary 
to put pam_env before if you want to be sure that it gets hit.

So I reasoned, if I use the pam_nw_auth module, then I can put
pam_env either before or after pam_nw_auth, because they are
both required and the pam_unix_auth module will not be hit.

I was wrong.  Neither case would set environmental variables.
Only if pam_env was before both pam_unix_auth and pam_nw_auth.

What I am still missing in my understanding?

Thanks,
   Seth



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []