thread within PAM

Jason Gerfen jason.gerfen at scl.utah.edu
Wed Aug 12 13:25:40 UTC 2009


Aro RANAIVONDRAMBOLA wrote:
> Hello,
> I have to set up two authentication methods:
> - first, the main interface asks the user to provide the login. If the user forgets his smart card, he has to provide his login and pwd. Otherwise, the user inserts his card and the system discerns the smart card, so (at the same time):
> - second, we topple over to a new interface displaying on the screen "Hello xxxx. Please enter your PIN code" (the system will have retrieved the username xxxx from the card).
> 
> I am thinking about using threads to implement both authentications. For example, threadA will deal with the first interface and threadB will run in the background and, as soon as the user inserts the card, it notifies threadA.
> I looked at the PAM scheme (application - libpam - mymodule.so - pam.d) and I am asking myself if I can implement threads.
> I compiled and ran pam_pkcs11.c to see how to go about things. I pointed out that, anyway, the user has to enter his login and then enter his PIN code (if a card is discerned) or enter his pwd (if he forgets his card).
> 
> The aim of my project: the user must not enter the login; the system has to be able to read the login on the card and display it. And overall, if the user forgets his card, ask him for the login and pwd.
> 
> My question:
> - is there someone who has used threads in PAM in such a situation?
> 
I tried to implement a module which utilized threads to create
child/parent processes and it works, but it created some odd behavior
within the standard text based login.

I did not test this with a GUI login so you might have better luck there.

One module you may want to take a look at for utilizing a device vs.
username/password schema is the pam_fprint module located here:
http://reactivated.net/fprint/wiki/Pam_fprint

It utilizes a secondary library which runs as a service. I think this is
something you should look into vs. utilizing a forked process within
your module. The process would be a bit easier to communicate with
within the pam stack and give you more stable results.
> Thanks for your help, 
> 
> Aro


-- 
Jas

"Tomorrow isn't promised so we live for today"




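The service-based design suggested in the reply, as an added example that is not part of the original thread or of any existing module: the client side a PAM module could use to ask a separate card-monitoring service for the username instead of running a thread or forked child itself. The one-line protocol (`WHO`, `CARD <username>`, `NOCARD`), the function name `card_query` and the status names are assumptions made for illustration.

```c
#include <ctype.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum card_status { CARD_PRESENT = 0, CARD_ABSENT = 1, CARD_ERROR = -1 };

/* Ask the card service connected on fd whose card is inserted.
 * Constructed protocol (an assumption): we send "WHO\n" and the service
 * answers "CARD <username>\n" or "NOCARD\n". Every wait is bounded, so a
 * hung service turns into a fallback to login/password, not a hung login. */
enum card_status card_query(int fd, char *user, size_t len, int timeout_ms)
{
    char buf[128];
    size_t used = 0;
    struct pollfd p = { .fd = fd, .events = POLLIN };
    char *nl = NULL;

    /* MSG_NOSIGNAL: a dead service must not SIGPIPE the login program. */
    if (send(fd, "WHO\n", 4, MSG_NOSIGNAL) != 4)
        return CARD_ERROR;
    while (nl == NULL && used < sizeof buf - 1) {
        if (poll(&p, 1, timeout_ms) <= 0)
            return CARD_ERROR;               /* timeout or poll failure */
        ssize_t n = read(fd, buf + used, sizeof buf - 1 - used);
        if (n <= 0)
            return CARD_ERROR;               /* service closed the socket */
        used += (size_t)n;
        buf[used] = '\0';
        nl = strchr(buf, '\n');
    }
    if (nl == NULL)
        return CARD_ERROR;                   /* reply too long */
    *nl = '\0';
    if (strcmp(buf, "NOCARD") == 0)
        return CARD_ABSENT;
    if (strncmp(buf, "CARD ", 5) != 0)
        return CARD_ERROR;
    const char *name = buf + 5;
    size_t nlen = strlen(name);
    if (nlen == 0 || nlen >= len)
        return CARD_ERROR;
    /* The name comes from outside the module: accept only [A-Za-z0-9_-]. */
    for (size_t i = 0; i < nlen; i++)
        if (!isalnum((unsigned char)name[i]) && name[i] != '_' && name[i] != '-')
            return CARD_ERROR;
    memcpy(user, name, nlen + 1);
    return CARD_PRESENT;
}
```

On `CARD_PRESENT` a module would typically store the name with `pam_set_item(pamh, PAM_USER, user)` before prompting for the PIN; on `CARD_ABSENT` or `CARD_ERROR` it would return so the stack falls through to the login and password prompt.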