Is this a reasonable approach?
Tomas Mraz
tmraz at redhat.com
Tue Jan 4 14:18:52 UTC 2005
On Tue, 2005-01-04 at 14:03 +0000, Andy Armstrong wrote:
> Andy Armstrong wrote:
> > Ah, the cleanup hook. I think that would do the trick thanks. I don't
> > think the case where the program dies without the cleanup happening is
> > too much of a problem for me so that could be the answer, thanks.
> >
> > I'll make some changes to the code and run the tests again and then make
> > a release. Thanks for the help.
>
> Here you go:
> http://hexten.net/sw/pam_abl/index.mhtml
>
> I couldn't get the cleanup hook to work exactly as expected - no matter
> whether authentication had failed it always seems to get PAM_SUCCESS.
That's something I've expected (the code it obtains depend on the
application you're using so if it's broken it won't work as expected).
> As
> suggested I'm now using the pam_sm_setcred hook to indicated that
> authentication has succeeded and that's working well, thanks.
Hmmm, good idea, this really helps to remove the necessary second call
in another stack. Let's hope that all relevant applications call
pam_sm_setcred correctly.
--
Tomas Mraz <tmraz at redhat.com>
More information about the Pam-list
mailing list