[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM session vs. auth

On 9 Oct 2000, Dustin Puryear wrote:

> I suppose by using the acct stack I get past the authentication issue
> entirely. However, can I assume that all services will actually use the
> acct stack? I know that at a minimum they will be using the auth stack,
> and that's why I went that route. It seems to me that the acct stack
> presents the same problem as the session stack--not everyone will use it.

While opening and closing a 'session' does not make sense for all
applications, it always makes sense for a PAMified application to call
pam_acct_mgmt(), as this is the module that does account authorization checks.
I've never seen an application that called pam_authenticate() but not
pam_acct_mgmt(), and I would be inclined to argue that an application that did
so was not properly PAMified, as it is this second function which checks for
things such as expired passwords.

Steve Langasek
postmodern programmer

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []