On Wed, 27 Nov 2002, Joerg Sommer wrote: > Ed Wilts <ewilts@ewilts.org> wrote: > > On Tue, Nov 26, 2002 at 08:57:56PM +0000, Joerg Sommer wrote: > >> Hi, > >> > >> I search a pam module, that kills all processes of a user, after he has > >> logged out. Is there such a module anywhere? Or is there another way to > >> do this? > > > > I'm not sure why you think pam is the right tool for this. pam is for > > *authentication* modules. If the user has already logged out, what > > authentication should take place? > > Nothing, but pam knows, when the user logges out. Like pam-krb5 removes > the user tickets, another pam modul can kill all processes. You say "pam knows when the user logs out". It knows when _that instance_ of the user logs out. But there may be other user processes which ought to be allowed to continue: other concurrent logins, an active cron job, a mail delivery, a pop/imap daemon, a batch job, etc. It would need an exception mechanism, for example: root(!), the sendmail (non-root) id. And/or perhaps a "damage limitation" mechanism that only killed processes with the same controlling terminal (but that may not catch some backgrounded things you might want to catch). I'm not yet convinced that PAM is the right tool for this task. At our site we use "Big Brother" <http://bb4.com/> to monitor systems, and are cautiously introducing its ability to kill certain things. Hope that helps. -- : David Lee I.T. Service : : Systems Programmer Computer Centre : : University of Durham : : http://www.dur.ac.uk/t.d.lee/ South Road : : Durham : : Phone: +44 191 374 2882 U.K. : _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
