Re: Kernel-level authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jun 19, 2003 at 09:31:12AM +0800, Eugene Teo wrote:
> No one has any idea?

Ah, sorry, I meant to reply. :)

> <quote sender="Eugene Teo">
> > Is it possible to do authentication via libpam in the kernel?

You've got zero userspace access in the kernel. And, I'm not sure you
really need libpam access in the kernel.

> > I am trying to write a vfs on top of my existing fs to do
> > file authentication. that means, let's assume that all users
> > can view files, but if he/she wants to use it, they have to
> > authenticate themselves first before they can use it.

I completely fail to understand this. :)

Are you intending to add something like posix 1.e draft ACLs?

> > I am thinking of using libpam as a wrapper in the kernel
> > level, so that i can change the authentication scheme if
> > needed.

The easiest way to do that is have all authentication checking
handled in userspace. A program such as /bin/login, or /bin/su, or
/usr/bin/sudo, that uses PAM, is an extremely flexible approach to
handling authentication. I guess the downside is that it is easiest ro
use PAM to change user, group, groups, and rlimits. Changing per-process
access to files is a little more work, however the "bind mounts" and
"per process namespaces" of newer kernels give you -some- degree of
freedom here.

-- 
Over 900 technologists agree: electronic voting isn't ready:
http://verify.stanford.edu/evote.html

Attachment: pgp00450.pgp
Description: PGP signature


[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux