SuSE loading PAM?

Jason Gerfen jason.gerfen at scl.utah.edu
Tue Jun 22 21:36:49 UTC 2004


Yeah you have, so my problem isn't that I am loading the module in the 
wrong file or location, it is forking to whatever account has a UID of 
3.  I have double checked the /etc/passwd for any account with that UID 
and there isn't one listed.  Is that normal?  Also how can I find out if 
PAM is being executed as root?

Thanks again for the info.

Joe Lewis wrote:

> Jason Gerfen wrote:
>
>> I am writing a pam module and it works fine, does simple logging of 
>> login attempts etc.  The problem with this is it only seems to load 
>> if I use the /etc/pam.d/gdm file to load it.
>
>
> For all Gnome Display Manager logins, it will use the gdm file.
>
>> From what I understand about PAM the /etc/pam.d/login file should be 
>> the one to load the module to log authentication attempts correct?
>
>
> /etc/pam.d/login is used for text-console-based logins.  This is the 
> beauty of PAM - different login mechanisms for different services.
>
>> Second question, as I am writing this I attempt to get the current 
>> owner of the process and it is coming up as UID & EUID as 3?  Is this 
>> a system user?  I could not google up anything on this behavior.
>
>
> Look in /etc/passwd for the account with UID of 3.
>
>> My third question is if PAM is not running as the root user is there 
>> an existing module that will switch to the root user on the fly in 
>> order to run some authentication commands before returning to the 
>> normal user?  Any help is appreciated...
>
>
> There is no mechanism to switch to root for the authentication.  
> Often, a service will be running as root.  When an authentication 
> request comes in, a separate process will be fork()ed, and that 
> process switches from root to the user that just authenticated, while 
> the service starts listening again for new connections.
>
> If you build a PAM-aware application, make sure that it is executed as 
> root, or any authentications will fail (because only root has access 
> to the shadow password files).
>
> I was playing with a test application, and it would only allow the 
> current user to authenticate.  As soon as the application became root 
> and could gain access to the shadow files, I could authenticate any 
> user in the files.
>
> I hope I've answered a few questions in my ramblings.  Let me know if 
> I haven't.
>
> Joe



-- 
Jason Gerfen

"...Sometimes I just yell at myself. And it
 makes me sad, sometimes I make myself cry..."
			~ My nephew Dawsyn
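
Added example, not part of the original thread: a PAM module runs inside the process of the application that called it, so checking whether it runs as root comes down to reading that process's real and effective UIDs, and `getpwuid()` shows whether a UID has an account at all. The helper names are hypothetical; the code assumes a Linux system with syslog(3).

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

/* Hypothetical helper: render a UID as "3(name)", or "3(no passwd entry)"
 * when getpwuid() finds no account for it. */
static int describe_uid(uid_t uid, char *buf, size_t len)
{
    struct passwd *pw = getpwuid(uid);
    return snprintf(buf, len, "%lu(%s)", (unsigned long)uid,
                    pw != NULL ? pw->pw_name : "no passwd entry");
}

/* Privileged operations such as reading /etc/shadow depend on the
 * effective UID, so that is the one to test. */
int caller_is_root(void)
{
    return geteuid() == 0;
}

/* Hypothetical helper: summarise the credentials of the current process. */
int format_caller_creds(char *buf, size_t len)
{
    char ruid[64], euid[64];
    describe_uid(getuid(), ruid, sizeof ruid);
    describe_uid(geteuid(), euid, sizeof euid);
    return snprintf(buf, len, "uid=%s euid=%s root=%s",
                    ruid, euid, caller_is_root() ? "yes" : "no");
}

/* Call from the module's pam_sm_authenticate() to record who it runs as. */
void log_caller_creds(void)
{
    char line[160];
    format_caller_creds(line, sizeof line);
    syslog(LOG_AUTHPRIV | LOG_INFO, "pam module credentials: %s", line);
}

int main(void)
{
    char line[160];
    format_caller_creds(line, sizeof line);
    puts(line);
    return 0;
}
```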