Is this a reasonable approach?
Tomas Mraz
tmraz at redhat.com
Tue Jan 4 08:54:33 UTC 2005
On Mon, 2005-01-03 at 21:05 +0000, Andy Armstrong wrote:
> If anyone can give me any insight as to how to avoid the need to the
> session hook I'd be gratful.
If you look at the pam_tally module - it actually works similarly.
However it uses account phase for that instead. The problem is that some
applications can theoretically avoid to use the session phase if they
don't create a session. Maybe you could call this functionality from
pam_sm_acct_mgmt too and leave it on the user to which phase he wants to
put it.
There is probably no way how to avoid the session hook. You could also
use cleanup function on pam module data because this function has
parameter with the final success/failure code, but it's called after the
session is closed and the program can exit (due to program's error or
kill) and don't call pam_end before that.
--
Tomas Mraz <tmraz at redhat.com>
More information about the Pam-list
mailing list