
Re: [PAM-Announce] Linux-PAM 0.74 released



Leon,

> Would you, please, look at the following 3 lines of code

> /* Grab the user information out of the password file for future usage
>     First get the username that we are actually using, though.
>   */
> retcode = pam_get_item(pamh, PAM_USER, (const void **) &username);
> setpwent();                                      /* line 635 */
> pwd = getpwnam(username);                                /* line 636 */
> if (pwd) initgroups(username, pwd->pw_gid);       /* line 637 */

> If we use PAM module, how come we "Grab the user information out of the 
> password file for future usage"
> PAM doesn't have access to remote database, does it? It doesn't make any 
> sense for me.
> getpwnam() fails (user is unreachable), login fails as well.

The purpose of 'login' is to provide a person local access to a system's
resources as an authenticated user.  In order to use this service with a
remote authentication database, there MUST be a mechanism for mapping the
remotely authenticated user to a uid on the local system.  Since this
mechanism is not specified by the PAM API, it is assumed that this information
will be made available through the standard C library calls (getpwnam,
getpwuid, getpwent), either by populating the local /etc/passwd file with
entries for all users, or by using an alternate NSS (name service switch)
module to provide access to a central database.

HTH,
Steve Langasek
postmodern programmer
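
The mapping step described in this reply, as an added example that is not part of the original message or of the login source: after authentication succeeds, the name is resolved through the C library (and therefore through whatever NSS sources are configured), and the session is refused if no local uid can be found. The names `resolve_local_id` and `struct local_id` are hypothetical helpers made up for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>

enum id_status { ID_OK, ID_NOT_FOUND, ID_ERROR };
struct local_id { uid_t uid; gid_t gid; };   /* hypothetical helper type */
/* Map an already-authenticated name to a local uid/gid through NSS. */
enum id_status resolve_local_id(const char *username, struct local_id *out)
{
    struct passwd pw, *res = NULL;
    size_t len = 1024;
    char *buf = NULL;
    int rc;
    if (username == NULL || *username == '\0' || out == NULL)
        return ID_ERROR;
    do {                          /* grow the buffer while NSS reports ERANGE */
        char *tmp = realloc(buf, len);
        if (tmp == NULL) { free(buf); return ID_ERROR; }
        buf = tmp;
        rc = getpwnam_r(username, &pw, buf, len, &res);
        len *= 2;
    } while (rc == ERANGE && len <= (1u << 20));
    if (res != NULL) {            /* copy the scalars before freeing buf */
        out->uid = pw.pw_uid;
        out->gid = pw.pw_gid;
    }
    free(buf);
    if (res != NULL)
        return ID_OK;
    /* rc == 0 means "no entry"; some NSS backends report ENOENT/ESRCH instead */
    if (rc == 0 || rc == ENOENT || rc == ESRCH)
        return ID_NOT_FOUND;
    return ID_ERROR;              /* e.g. the remote directory is unreachable */
}

int main(int argc, char **argv)
{
    struct local_id id;
    const char *name = argc > 1 ? argv[1] : "root";
    enum id_status st = resolve_local_id(name, &id);
    if (st != ID_OK) {            /* fail closed: no uid means no session */
        fprintf(stderr, "%s: no local identity (status %d)\n", name, st);
        return 1;
    }
    printf("%s -> uid=%lu gid=%lu\n", name, (unsigned long)id.uid, (unsigned long)id.gid);
    return 0;
}
```

Separating ID_NOT_FOUND from ID_ERROR lets a login service log an unknown account differently from an unreachable name service, while refusing the session in both cases.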




