Pam-list Digest, Vol 16, Issue 15
Muscarella, Fabrizio
fabrizio.muscarella at sap.com
Wed Jun 29 07:51:07 UTC 2005
Hi Andreas ,
I think that the client-server concept is not forbidding pam_get_item
from return the right value. Anyway, there is not apparently way to get
the name of the service used. In xscreensaver somebody tried to
implement a functionality using /etc/pam.d/ etc, but now is not more
used.
For the second problem was my mistake. Sorry! I tried only on SLES9
systems. Now I started my tests with RH - Debian , ... And it works
fine. So I think my problem is just a specific SuSE problem.
Thank You & Regards,
Fabrizio
-----Original Message-----
From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]
On Behalf Of Andreas Schindler
Sent: Tuesday, June 28, 2005 12:26 AM
To: pam-list at redhat.com
Subject: Re: Pam-list Digest, Vol 16, Issue 15
Fabrizio,
let me add some comments:
>
> 1) I think the question is why after pam_start, the function
> pam_get_item(..., PAM_SERVICE,..), doesn't return the name of the real
> loaded service? I sow in the source of xscreensaver the same comment
> about this problem.
pam_get_item() on client side (what the user program calls) is not the
same as pam_get_item() you see on the module side (though it's in fact
much the same code). It returns to you (the user) willingly just what
you put in, _NOT_ what it makes from your input. Remember User/Modules
are quite like Client/Server.
However: if anybody outside konws a dirty trick to do this without a
SUID helper, please let me know, maybe alas we found the circle's
quadrature.
>
> 2) Yes. This was an option that I tried. But I saw that xscreensaver
> have the same problem, so it must be a solution without start a Sbit
> program (maybe?)!
>
Of cousrse this has to be a SUID helper program, because all the
PAM client calls run in the context of the calling user.
Regards Andreas
--
Dr.-Ing. Andreas Schindler
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
Telefon 06103-57187-21
Telefax 06103-373245
schindler at az1.de
www.az1.de
_______________________________________________
Pam-list mailing list
Pam-list at redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
More information about the Pam-list
mailing list