On Fri, Aug 18, 2000 at 03:38:47PM -0400, Nicolas Williams wrote:
> One thing I realize is that several LinuxPAM modules perform account
> authorization checks in pam_sm_authenticate() rather than in
> pam_sm_acct_mgmt(). I think this is a mistake.

I think the last time this was brought up on this list, everyone who voiced
an opinion agreed with that.

> I'm also mystified by the number of modules that provide noop
> pam_sm_setcred() functions, instead of not providing any.

If your module provides pam_sm_authenticate(), you're required to provide
pam_sm_setcred(), even if it does nothing.

> The /bin/login / PAM interaction sequence for the successful login case
> should probably be:
>
>  - process options
>  - call pam_start()
>  - call pam_authenticate() unless -f && euid == 0

I think there should be a call to pam_acct_mgmt() here, specifically to
support correct usage of modules like pam_shells and pam_securetty.

>  - call pam_open_session() to deal with utmp, logging, auditing, tty ownership
>  - setgid(), setgroups()
>  - call pam_setcred() to establish creds
>  - setuid()
>  - pam_end()
>  - cd to the user's home directory
>  - exec() the user's shell

You can't pam_end() before the shell starts, because you have to call
pam_setcred(PAM_DELETE_CREDS) and pam_close_session() before you do that.
For this to work, login forks, handles the last two steps, and the parent
takes care of a proper PAM shutdown when its child exits.

Nalin
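
The call order discussed in this thread, including the pam_acct_mgmt() step and the parent-side shutdown after the child exits, as an added C example that is not part of the original message or of any login implementation. The libpam calls are replaced by a hypothetical recording stand-in (step(), login_flow() and last_trace() are names made up here), and doing setuid() in the child is an assumption.

```c
/* Added example: PAM call ordering in a login-like program. step() is a
 * hypothetical recording stand-in for libpam, so this runs without root. */
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
static char trace[256];      /* calls made so far, space separated */
static const char *fail_at;  /* constructed fault: the step that fails */

/* Record one call; return 0 (success) or -1 for the injected failure. */
static int step(const char *name)
{
    size_t n = strlen(trace);
    snprintf(trace + n, sizeof trace - n, "%s ", name);
    return (fail_at && strcmp(name, fail_at) == 0) ? -1 : 0;
}
const char *last_trace(void) { return trace; }

/* Returns 0 after a full login/logout cycle, -1 if the login was refused. */
int login_flow(const char *inject_failure)
{
    int rc = -1, have_session = 0, have_creds = 0;
    pid_t pid;
    trace[0] = '\0';
    fail_at = inject_failure;
    if (step("pam_start")) return -1;
    if (step("pam_authenticate")) goto out;
    if (step("pam_acct_mgmt")) goto out;  /* pam_shells, pam_securetty decide here */
    if (step("pam_open_session")) goto out;
    have_session = 1;
    /* setgid(), setgroups() come here in the sequence from the thread */
    if (step("pam_setcred(PAM_ESTABLISH_CRED)")) goto out;
    have_creds = 1;
    pid = fork();
    if (pid == 0)   /* child: setuid() (placement assumed), cd home, exec() shell */
        _exit(0);   /* stands in for the user's shell exiting */
    if (pid > 0 && waitpid(pid, NULL, 0) == pid)
        rc = 0;
out:                /* parent: PAM shutdown once the child is gone */
    if (have_creds) step("pam_setcred(PAM_DELETE_CRED)");
    if (have_session) step("pam_close_session");
    step("pam_end");
    return rc;
}
int main(void)
{
    login_flow(NULL);
    puts(last_trace());
    return 0;
}
```

Passing the name of a step to login_flow() makes that step fail, which shows that only what was actually established is torn down before pam_end().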