
Re: pam_mkhomdir fix(ldap, su problem)



On Mon, 2003-07-07 at 07:28, Ethan Benson wrote:
> On Sun, Jul 06, 2003 at 08:19:55PM -0400, Doctor High wrote:
> > On Mon, 2003-07-07 at 00:35, Ethan Benson wrote:
> > > On Sun, Jul 06, 2003 at 05:54:58PM -0500, Steve Langasek wrote:
> > > > 
> > > > Convince the OpenSSH maintainers that the current behavior is incorrect,
> > > > and get them to change it.
> > > 
> > > who says it's incorrect?  not the pam docs.  pam_session running as
> > > root has always been an assumption.
> > > 
> > > it's less convenient, but also much safer, always a tradeoff.
> > 
> > So if pretty much all services try to run pam_mkhomedir as the
> > connecting user, then what's the point of having pam_mkhomedir?
> 
> you would just have to implement it some other way.
So the conclusion is that one should not have any expectation on rights
for session modules, i.e. the only way to implement a module like
pam_mkhomedir is to make it a small wrapper that calls a setuid
program that does the actual work (creating home directory and copying
over skel files)?

/Troels.
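
The setuid-helper design raised in the message above, sketched as an added example (not code from this thread, Linux-PAM or OpenSSH): the helper takes the identity from its real uid and refuses to touch anything that already exists at the target path. `create_home` is a hypothetical name, and copying the skel files is left out.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical core of a setuid-root helper: create `home` for uid/gid.
 * Fails if the path exists in any form (file, directory or symlink), so
 * the helper never changes ownership of something it did not create. */
int create_home(const char *home, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd;

    if (home == NULL || home[0] != '/')
        return -1;                  /* absolute paths only */
    if (mkdir(home, 0700) != 0)
        return -1;                  /* EEXIST also covers a planted symlink */
    fd = open(home, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* Work on the descriptor so a path swapped after mkdir() cannot
     * redirect the ownership change to another object. */
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() ||
        fchown(fd, uid, gid) != 0 || fchmod(fd, 0700) != 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return 0;
}

int main(void)
{
    /* Identity comes from the real uid, never from argv or the environment. */
    struct passwd *pw = getpwuid(getuid());

    if (pw == NULL || pw->pw_dir == NULL)
        return 1;
    if (create_home(pw->pw_dir, pw->pw_uid, pw->pw_gid) != 0 && errno != EEXIST) {
        perror("create_home");
        return 1;
    }
    return 0;
}
```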



