jason gerfent : PAM and thread
Jason Gerfen
jason.gerfen at scl.utah.edu
Wed Aug 12 17:23:35 UTC 2009
Aro RANAIVONDRAMBOLA wrote:
> Hello,
> I work with GUI (my application is gdm, it contains main( )) which source code is not approachable. So I only write in pam_pkcs11.c.
> Is it possible to use thread out of main( ) program ?
> how did you do? I guess you wrote pthread_create in su for example.
No. If you are writing a pam module you should consult the pam
developers handbook regarding pam_sm_authenticate() which is essentially
the main() function in the shared library you are developing.
And as for general C programing regarding threads outside of main() yes
it is indeed possible but you would want to utilize other resources to
obtain this information as this list is specifically for PAM developers,
administrators etc.
>
> thanks,
> Aro
>
>> Date: Wed, 12 Aug 2009 07:25:40 -0600
>> From: jason.gerfen at scl.utah.edu
>> To: pam-list at redhat.com
>> Subject: Re: thread within PAM
>>
>> Aro RANAIVONDRAMBOLA wrote:
>>>
>>>
>>>
>>>
>>> Hello,
>>> I have to set two authentication method :
>>> - first, the main interface asks the user to provide the login. If the user forget his smart card, he has to provide his login and pwd. Otherwise, the user inserts his card and the system discerns the smart card, so ( at the same time ) :
>>> - second, we topple over a new interface displaying on the screen " Hello xxxx. Please enter your PIN code " (the system will have retrieve the username xxxx from the card ).
>>>
>>> I think about using thread to implement both authentication. For example, threadA will deal with the first interface and threadB will run in background and as soon as the user inserts the card, it notify threadA .
>>> I looked for the PAM scheme (application - libpam - mymodule.so - pam.d ) and I am asking myself if I can implement thread.
>>> I compiled and run the pam_pkcs11.c to see how going about things. I pointed out that, anyway, user has to enter his login then enter his PIN code ( if a card is discerned ) or enter his pwd (if he forgets his card ).
>>>
>>> the aim of my project : the user must not to enter login, the system have to be able to read the login on the card and display it. And overall, if the user forgets his card, ask him for the login and pwd.
>>>
>>> My question :
>>> - is there someone who used thread in PAM in such situation ?
>>>
>> I tried to implement a module which utilized threads to create
>> child/parent processes and it works, but it created some odd behavior
>> within the standard text based login.
>>
>> I did not test this with a GUI login so you might have better luck there.
>>
>> One module you may want to take a look at for utilizing a device vs.
>> username/password schema is the pam_fprint module located here:
>> http://reactivated.net/fprint/wiki/Pam_fprint
>>
>> It utilizes a secondary library which runs as a service. I think this is
>> something you should look into vs. utilizing a forked process within
>> your module. The process would be a bit easier to communicate with
>> within the pam stack and give you more stable results.
>>> Thanks for your help,
>>>
>>> Aro
>>>
>>>
>>>
>>> _________________________________________________________________
>>> Avec Windows Live, vous organisez, retouchez et partagez vos photos.
>>> http://www.microsoft.com/northafrica/windows/windowslive/products/photo-gallery-edit.aspx
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Pam-list mailing list
>>> Pam-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pam-list
>>
>> --
>> Jas
>>
>> "Tomorrow isn't promised so we live for today"
>>
>> _______________________________________________
>> Pam-list mailing list
>> Pam-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/pam-list
>
> _________________________________________________________________
> Partagez vos souvenirs sur le Web avec les personnes de votre choix.
> http://www.microsoft.com/northafrica/windows/windowslive/products/photos-share.aspx?tab=1
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
--
Jas
"Tomorrow isn't promised so we live for today"
More information about the Pam-list
mailing list