On 05/23/2011 08:10 PM, omalleys@xxxxxxx wrote:
>
> My understanding is that it is up to the calling application to log
> the data like CyrusMail should be logging auths,
VERY, VERY TRUE!!! Sorry for AOL-ing!
> If you use PAM_SET_ITEM on PAM_USER it is actually only a temporary
> change, and won't get passed back to the calling application. And I
> don't recall off the top of my head whether this gets passed through
> the rest of the pam stack or not.
Really, PAM_USER should be treated as a "read only" item by the
application, as I tried to express in my previous mail;
on the other hand, RUSER should be set from the application only when
really defined; in the case of an unknown
requestor, one can as well set RUSER to "anonymous" or "root", but not
to the proposed login.
Thank you very much, yours
lorenzo
