are there "session IDs"?
Pavel Kankovsky
peak at argo.troja.mff.cuni.cz
Sun Mar 24 20:14:18 UTC 2013
On Tue, 19 Mar 2013, Seven Reeds wrote:
> if I "su" while on the machine the PAM_TTY environment variable is
> indeed a TTY string and is unique to the "session". However, if I
> treat "ssh" like "su" and try to ssh to a different user on the same
> machine, ex:
>
> $ ssh otherUser@this.machine.com
>
> then the PAM_TTY variable just shows "ssh". If I were logged in
> multiple times then all would appear to be on the same "line", so to
> speak.
You cannot associate an SSHv2 session with a terminal because SSHv2 allows
any number of tty channels within a single session (none, one, more).
In fact it provides two separate procedures: you log in first and you
create tty channels running programs (e.g. a shell) later when the session
is established.
> Since the tty is not available, is there a unique session identifier
> that I can use? I have not seen mention of one.
I am afraid there is no such identifier.

You can generate your own unique id when the session is opened, store it
with pam_set_data() and fetch it with pam_get_data() when the session is
closed. Unfortunately, PAM specs seem to be quite lenient and do not require
the application to call pam_sm_open_session() and pam_sm_close_session()
with the same pam_handle_t.
--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /
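
The approach from the reply above, as an added example that is not part of the original message or of Linux-PAM: an id is attached to the handle at open and looked up at close, and the lookup fails when the close arrives on a different handle. Assumptions: the names session_open, session_close and SID_KEY and the id scheme are hypothetical, and a small stand-in replaces libpam's data store so the file builds on its own.

```c
/* STAND-IN for libpam so this builds without it: a one-slot per-handle store.
 * In a real module, delete it and #include <security/pam_modules.h>. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
enum { PAM_SUCCESS = 0, PAM_BUF_ERR = 5, PAM_NO_MODULE_DATA = 18 };
typedef struct pam_handle pam_handle_t;
typedef void (*cleanup_fn)(pam_handle_t *, void *, int);
struct pam_handle { const char *key; void *data; cleanup_fn cleanup; };
static int pam_set_data(pam_handle_t *h, const char *key, void *d, cleanup_fn c) {
    h->key = key; h->data = d; h->cleanup = c;
    return PAM_SUCCESS;
}
static int pam_get_data(const pam_handle_t *h, const char *key, const void **d) {
    if (!h->key || strcmp(h->key, key) != 0) return PAM_NO_MODULE_DATA;
    *d = h->data;
    return PAM_SUCCESS;
}
/* ---- end of stand-in; module logic follows ---- */
#define SID_KEY "example_session_id"  /* hypothetical data name */
static void free_sid(pam_handle_t *h, void *d, int err) { (void)h; (void)err; free(d); }

/* What pam_sm_open_session() would do: make an id, attach it to the handle. */
int session_open(pam_handle_t *pamh) {
    static unsigned long counter;
    char *sid = malloc(64);
    if (!sid) return PAM_BUF_ERR;
    /* constructed id scheme (assumption): start time, pid, per-process counter */
    snprintf(sid, 64, "%ld-%ld-%lu", (long)time(NULL), (long)getpid(), ++counter);
    int rc = pam_set_data(pamh, SID_KEY, sid, free_sid);
    if (rc != PAM_SUCCESS) free(sid);
    return rc;
}

/* What pam_sm_close_session() would do: NULL means the application closed the
 * session on a handle other than the one it opened it with, so no id exists. */
const char *session_close(const pam_handle_t *pamh) {
    const void *sid = NULL;
    return pam_get_data(pamh, SID_KEY, &sid) == PAM_SUCCESS ? sid : NULL;
}

int main(void) {
    pam_handle_t same = {0}, other = {0};
    session_open(&same);
    printf("same handle: %s\n", session_close(&same));
    printf("other handle: %s\n", session_close(&other) ? "id" : "(no id)");
}
```
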