On Thu, Jun 19, 2003 at 09:31:12AM +0800, Eugene Teo wrote:
> No one has any idea?

Ah, sorry, I meant to reply. :)

> <quote sender="Eugene Teo">
> > Is it possible to do authentication via libpam in the kernel?

You've got zero userspace access in the kernel. And, I'm not sure you
really need libpam access in the kernel.

> > I am trying to write a vfs on top of my existing fs to do
> > file authentication. That means, let's assume that all users
> > can view files, but if he/she wants to use it, they have to
> > authenticate themselves first before they can use it.

I completely fail to understand this. :) Are you intending to add
something like posix 1.e draft ACLs?

> > I am thinking of using libpam as a wrapper in the kernel
> > level, so that I can change the authentication scheme if
> > needed.

The easiest way to do that is to have all authentication checking handled
in userspace. A program such as /bin/login, or /bin/su, or
/usr/bin/sudo, that uses PAM, is an extremely flexible approach to
handling authentication.

I guess the downside is that it is easiest to use PAM to change user,
group, groups, and rlimits. Changing per-process access to files is a
little more work, however the "bind mounts" and "per process namespaces"
of newer kernels give you -some- degree of freedom here.

--
Over 900 technologists agree: electronic voting isn't ready:
http://verify.stanford.edu/evote.html