[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and /bin/login, acct_mgmt() vs authenticate()



On Fri, Aug 18, 2000 at 03:38:47PM -0400, Nicolas Williams wrote:
> One thing I realize is that several LinuxPAM modules perform account
> authorization checks in pam_sm_authenticate() rather than in
> pam_sm_acct_mgmt(). I think this is a mistake.

I think the last time this was brought up on this list, everyone who
voiced an opinion agreed with that.

> I'm also mystified by the number of modules that provide noop
> pam_sm_setcred() functions, instead of not providing any.

If your module provides pam_sm_authenticate(), you're required to provide
pam_sm_setcred(), even if it does nothing.
 
> The /bin/login / PAM interaction sequence for the successful login case
> should probably be:
> 
>  - process options
>  - call pam_start()
>  - call pam_authenticate() unless -f && euid == 0

I think there should be a call to pam_acct_mgmt() here, specifically to
support correct usage of modules like pam_shells and pam_securetty.

>  - call pam_open_session() to deal with utmp, logging, auditing, tty ownership
>  - setgid(), setgroups()
>  - call pam_setcred() to establish creds
>  - setuid()
>  - pam_end()
>  - cd to the user's home directory
>  - exec() the user's shell

You can't pam_end() before the shell starts, because you have to call
pam_setcred(PAM_DELETE_CREDS) and pam_close_session() before you do
that.  For this to work, login forks, handles the last two steps, and
the parent takes care of a proper PAM shutdown when its child exits.
 
Nalin





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []