[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: module unload?



Andrew Morgan wrote:
> 
> Michael Tokarev wrote:
> > So, pam_cracklib (just an example -- my "favorite" module) is loaded by su.
> > But this module is not responsible for session management, it is
> > not responsible even for autentification!
> 
> All modules are loaded at the same time, and stacked up in memory by
> libpam. They are unloaded when the process calls pam_end(). This parent
> 'su' doesn't call pam_end() until the session is closed.

But why them all loaded?  It can be done on demand...
I.e. load all config entries, and actually load modules while walking on
particular stack...  One stack at a whole (on pam_authentificate - all auth),
or by module basis (one some module marked as sufficient returns success, there
is no need in next ones).
So the original question should be refrased now: why all of them loaded,
even uneeded ones?
This seemed to be something like trivial change, and I can give it a try.

> When we get around to supporting a fully event driven model with PAM,
> every module will have the opportunity to generate/wait for an event and
> keeping them all in memory until pam_end() will seem more natural...

Uh, this is probably something difficult to develop with good conceptual
background...  I remember the long thread here about this (with Andrew Savochkin et all).

> Cheers
> 
> Andrew
>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []