Issues with calling an external executable
Inger, Slav (.)
vinger at ford.com
Tue Feb 24 15:07:11 UTC 2004
Hello,
I'm using the fork()/execl() combination to run an external executable from
within an 'auth' Linux PAM module. Yes I'm aware of the security concerns
of running an external apps, but I must call an external program during the
auth stage. I'm also checking the executable's exit code using
WEXITSTATUS() macro. [If anyone knows of a better approach, please let me
know] Now, here's the problem: it behaves inconsistently. On one machine
execl() succeeds most of the time, on the other machine it fails every time.
The executable is located in the same place on both machines, with identical
permissions. Here's the situation in more detail:
PAM setup:
auth required custom_module.so <-- module calling
external app
auth sufficient pam_krb5.so <params>
auth required pam_unix2.so <params>
... ... ...
Machine 1: module is invoked via console login (/etc/pam.d/login), execl()
fails every time
Machine 2: module is invoked from xdm (/etc/pam.d/xdm), execl() succeeds,
UNLESS the user fails his Kerberos password. At this point something
happens that makes execl() call fail on subsequent logins. I must restart
the login manager to get the functionality back, again until one of the
users fails his Kerberos password.
So, why the inconsistency between machines? And in the latter case, what is
it that causes this behavior?
Thanks in advance.
More information about the Pam-list
mailing list