Pam-list Digest, Vol 38, Issue 4

Tomas Mraz tmraz at redhat.com
Thu Apr 12 10:47:32 UTC 2007


On Thu, 2007-04-12 at 08:24 +0200, Andreas Schindler wrote:
> pam-list-request at redhat.com wrote:
> > Send Pam-list mailing list submissions to
> 
> > Re: [Pam-patches] New pam items
> > From:
> 
> I can't figure out what PAM_DEVICE should be good for. IMHO it is far
> too unspecific to be really useful.
The reason is that we cannot change the meaning of PAM_TTY in display
managers (they set it to the DISPLAY value). But as you write below,
there is also the TTY used by the X server. This value would be useful
for the pam_ck_connector module. (ConsoleKit library for fast user
switching.)

> To the discussion about PAM_DISPLAY: Before all, please consider that 
> every X-Display on a local machine (i.e. DISPLAY=x.x or localhost:x.x)
> ALWAYS has an associated TTY, because the X-Server needs a (pseudo-)device
> to attach to. So, PAM_TTY and PAM_DISPLAY should be independent of each other.
That's the reason why PAM_DISPLAY would be useful, although using PAM
environment would work around that need. That's right.

> By the way: why not use the PAM environment to store additional information?
> Another way is possible using pam_set/get_data.
> I've done this successfully when implementing a TACACS-to-PAM gateway.
> In conjunction with a special PAM module to store and retrieve information
> I consider this a very smooth way to associate additional information with PAM.
pam_set/get_data cannot be used from an application.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
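
An added illustration of the ambiguity discussed in this message (not code from the thread or from Linux-PAM): because display managers put the DISPLAY value into PAM_TTY, a module that reads PAM_TTY has to work out which kind of string it received. The enum and function names are hypothetical, the sample strings are constructed, and treating "unix" as a local host part is an assumption that goes beyond the two local forms named above.

```c
#include <ctype.h>
#include <string.h>

/* What a PAM_TTY string appears to hold (hypothetical names). */
enum tty_kind { TTY_EMPTY, TTY_NAME, TTY_LOCAL_DISPLAY, TTY_REMOTE_DISPLAY };

/* Return 1 if s is "N" or "N.M": display number, optional screen. */
static int is_display_number(const char *s)
{
    if (!isdigit((unsigned char)*s)) return 0;
    while (isdigit((unsigned char)*s)) s++;
    if (*s == '\0') return 1;
    if (*s++ != '.') return 0;
    if (!isdigit((unsigned char)*s)) return 0;
    while (isdigit((unsigned char)*s)) s++;
    return *s == '\0';
}

/* Classify a value as a module would obtain it from
 * pam_get_item(pamh, PAM_TTY, ...). */
enum tty_kind classify_pam_tty(const char *value)
{
    const char *colon;
    size_t hostlen;

    if (value == NULL || *value == '\0') return TTY_EMPTY;

    /* X display syntax is [host]:display[.screen]; look at the last colon. */
    colon = strrchr(value, ':');
    if (colon == NULL || !is_display_number(colon + 1))
        return TTY_NAME;             /* anything else: "tty1", "/dev/pts/3" */

    hostlen = (size_t)(colon - value);
    if (hostlen == 0 ||
        (hostlen == 9 && strncmp(value, "localhost", 9) == 0) ||
        (hostlen == 4 && strncmp(value, "unix", 4) == 0))   /* assumption */
        return TTY_LOCAL_DISPLAY;    /* ":0", "localhost:10.0" */

    return TTY_REMOTE_DISPLAY;       /* "host.example:1" */
}
```

A TTY_LOCAL_DISPLAY result says only that the login came through a local X display; it does not name the TTY the X server is attached to, which is the information the proposed new item would carry.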
