SuSE loading PAM?
Jason Gerfen
jason.gerfen at scl.utah.edu
Tue Jun 22 21:36:49 UTC 2004
Yeah you have, so my problem isn't that I am loading the module in the
wrong file or location, it is forking to whatever account has a UID of
3. I have double checked the /etc/passwd for any account with that UID
and there isn't one listed. Is that normal? Also how can I find out if
PAM is being executed as root?
Thanks again for the info.
Joe Lewis wrote:
> Jason Gerfen wrote:
>
>> I am writing a pam module and it works fine, does simple logging of
>> login attempts etc. The problem with this is it only seems to load
>> if I use the /etc/pam.d/gdm file to load it.
>
>
> For all Gnome Display Manager logins, it will use the gdm file.
>
>> From what I understand about PAM the /etc/pam.d/login file should be
>> the one to load the module to log authentication attempts correct?
>
>
> /etc/pam.d/login is used for text-console-based logins. This is the
> beauty of PAM - different login mechanisms for different services.
>
>> Second question, as I am writing this I attempt to get the current
>> owner of the process and it is coming up as UID & EUID as 3? Is this
>> a system user? I could not google up anything on this behavior.
>
>
> Look in /etc/passwd for the account with UID of 3.
>
>> My third question is if PAM is not running as the root user is there
>> an existing module that will switch to the root user on the fly in
>> order to run some authentication commands before returning to the
>> normal user? Any help is appreciated...
>
>
> There is no mechanism to switch to root for the authentication.
> Often, a service will be running as root. When an authentication
> request comes in, a separate process will be fork()ed, and that
> process switches from root to the user that just authenticated, while
> the service starts listening again for new connections.
>
> If you build a PAM-aware application, make sure that it is executed as
> root, or any authentications will fail (because only root has access
> to the shadow password files).
>
> I was playing with a test application, and it would only allow the
> current user to authenticate. As soon as the application became root
> and could gain access to the shadow files, I could authenticate any
> user in the files.
>
> I hope I've answered a few questions in my ramblings. Let me know if
> I haven't.
>
> Joe
--
Jason Gerfen
"...Sometimes I just yell at myself. And it
makes me sad, sometimes I make myself cry..."
~ My nephew Dawsyn
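
Added example, not code from this thread or its participants: one way to answer "is this code running as root?" from inside a PAM module or PAM-aware program, covering a UID that has no /etc/passwd entry and testing whether the shadow file can actually be opened. The helper names `uid_name`, `try_read` and `identity_report` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Map a UID to its account name. A UID with no passwd entry is still valid
 * to the kernel, so report that case instead of treating it as an error. */
static const char *uid_name(uid_t uid)
{
    struct passwd *pw = getpwuid(uid);
    return pw ? pw->pw_name : "(no passwd entry)";
}

/* Try to open a file read-only. open() is checked against the effective UID,
 * unlike access(), which checks the real UID. Returns 0 or an errno value. */
static int try_read(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Write a one-line identity report into buf.
 * Returns 1 if the effective UID is 0 (root), otherwise 0. */
static int identity_report(char *buf, size_t len, const char *shadow_path)
{
    uid_t ruid = getuid(), euid = geteuid();
    int err = try_read(shadow_path);
    char rname[64];
    /* getpwuid() reuses a static buffer: copy the first name before the second lookup */
    snprintf(rname, sizeof rname, "%s", uid_name(ruid));
    snprintf(buf, len, "uid=%ld(%s) euid=%ld(%s) %s: %s",
             (long)ruid, rname, (long)euid, uid_name(euid),
             shadow_path, err ? strerror(err) : "readable");
    return euid == 0;
}

int main(void)
{
    char line[256];
    int root = identity_report(line, sizeof line, "/etc/shadow");
    printf("%s\n%s\n", line, root ? "running as root" : "NOT running as root");
    return 0;
}
```

Inside a module the report line would go to syslog rather than stdout, since a display manager such as gdm has no terminal attached.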