[PATCH] pam_exec questions and possible patch
Aaron Cohen
aaron at assonance.org
Wed Mar 21 23:10:14 UTC 2007
Apologies, I sent a version of the patch that used the wrong name for
the environment variable. Here it is with the correct patch.
Aaron
On 3/21/07, Aaron Cohen <aaron at assonance.org> wrote:
> I'm currently trying to use pam_exec to call a script to synchronize
> my home directories with a central server and have come across a
> couple of issues.
>
> Firstly, does pam_exec make any sense outside of the "session" section
> of pam.conf? It seems slightly hairy to me, because for instance if
> it's in the auth section a user could cause a program to be executed
> by another user by only unsuccessfully attempting to log in as that
> user.
>
> Secondly, is there any way to distinguish in the exec'ed program that
> the session is being opened or closed? I've finally created a simple
> patch that defines a PAM_SESSION_ACTION environment variable in the
> executed subprocess so that my script can do the correct actions.
>
> Thirdly, does the seteuid option actually work correctly? It seems to
> me that it simply sets the effective user id to whatever the effective
> user id already was. My patch changes this by setting the effective
> userid of the subprocess to the user id of the user whose session is
> being created if this option is specified.
>
> Thanks,
> Aaron
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pam_exec.patch
Type: text/x-patch
Size: 4535 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pam-list/attachments/20070321/5502ffc8/attachment.bin>
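
The behaviour the message describes (export PAM_SESSION_ACTION to the subprocess and set its effective uid to the session user's uid) can be sketched as below. This is an added example, not the attached patch and not pam_exec's own code; `run_session_hook`, the values "open"/"close" and the `/bin/sh` demo hook are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not pam_exec's code: run argv[0] with
 * PAM_SESSION_ACTION=<action> and the effective uid set to `uid`.
 * Returns the child's exit status, or -1 if it could not be run. */
int run_session_hook(uid_t uid, const char *action, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* "open"/"close" are assumed values; the mail does not list them. */
        if (setenv("PAM_SESSION_ACTION", action, 1) != 0)
            _exit(126);
        /* Check the result: a failed seteuid() that goes unnoticed would
         * run the hook with the caller's (typically root's) privileges. */
        if (seteuid(uid) != 0 || geteuid() != uid)
            _exit(126);
        /* seteuid() leaves the real uid unchanged, so a hook started from
         * a root process can switch its effective uid back; an irreversible
         * drop needs initgroups(), setgid() and setuid(), in that order. */
        execv(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed demo: target our own euid so it runs without root. */
    char *hook[] = { "/bin/sh", "-c",
        "echo \"action=$PAM_SESSION_ACTION euid=$(id -u)\"", NULL };
    int rc = run_session_hook(geteuid(), "open", hook);
    printf("hook exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```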