[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: Login PAM interaction suspect

On Thu, Nov 17, David Mitton wrote:


> Which was the first thing I saw login do wrong.  It calls pam_open_session 
> before pam_setcred.  I'm waiting for someone to explain that.

As I think somebody wrote already here: it's a bug in login where
I did send already a patch upstream.

> The scope of what it means to set credentials is obscure here.
> Since typically credentials are username and password and they are either 
> stored in a local file or a remote server.

No, this are not credentials. This is the authentication stuff.
Credentials tells the system what you are allowed to do and what not.

> The UID and GID are not credentials in the typical authentication sense.

They are credentials in a typical UNIX system, but you are right
that they are not for authentication. But they tell the system later
what you are allowed to do and what not.

  Thorsten

-- 
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

Add to Google Powered by Linux