On Tue, 26 Nov 2002, Ed Wilts wrote: > On Tue, Nov 26, 2002 at 08:57:56PM +0000, Joerg Sommer wrote: > > Hi, > > > > I search a pam module, that kills all processes of a user, after he has > > logged out. Is there such a module anywhere? Or is there another way to > > do this? > > I'm not sure why you think pam is the right tool for this. pam is for > *authentication* modules. If the user has already logged out, what > authentication should take place? Autentication client (like sshd) should call pam_close_session() after the session has ended which can do this kind of thing. I have myself written a PAM modules which unmounts filesystems (like cdroms) which the users have forgotten to unmount. RedHat:s pam_console modules takes away console ownership to audiocards, cdroms, etc. AFAIK, pam_close_session() has been put there just so that sysadmin is able to clean up after the session has ended; this is not only for authentication tokens and kerberos tickets, but also for resources which should not be available to the user _after_ he has logged out (like local cdrom drives and audiocards). But no, I don't know if anyone has ever written such a module. But it is certailnly possible to do and IMO, PAM-module would be the right way to do it. - Jani _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
