Yeah you have, so my problem isn't that I am loading the module in the
wrong file or location, it is forking to whatever account has a UID of
3. I have double checked the /etc/passwd for any account with that UID
and there isn't one listed. Is that normal? Also how can I find out if
PAM is being executed as root?
Thanks again for the info.
Joe Lewis wrote:
> Jason Gerfen wrote:
>> I am writing a pam module and it works fine, does simple logging of
>> login attempts etc. The problem with this is it only seems to load
>> if I use the /etc/pam.d/gdm file to load it.
>
> For all Gnome Display Manager logins, it will use the gdm file.
>
>> From what I understand about PAM the /etc/pam.d/login file should be
>> the one to load the module to log authentication attempts correct?
>
> /etc/pam.d/login is used for text-console-based logins. This is the
> beauty of PAM - different login mechanisms for different services.
>
>> Second question, as I am writing this I attempt to get the current
>> owner of the process and it is coming up as UID & EUID as 3? Is this
>> a system user? I could not google up anything on this behavior.
>
> Look in /etc/passwd for the account with UID of 3.
>
>> My third question is if PAM is not running as the root user is there
>> an existing module that will switch to the root user on the fly in
>> order to run some authentication commands before returning to the
>> normal user? Any help is appreciated...
>
> There is no mechanism to switch to root for the authentication.
> Often, a service will be running as root. When an authentication
> request comes in, a separate process will be fork()ed, and that
> process switches from root to the user that just authenticated, while
> the service starts listening again for new connections.
>
> If you build a PAM-aware application, make sure that it is executed as
> root, or any authentications will fail (because only root has access
> to the shadow password files).
>
> I was playing with a test application, and it would only allow the
> current user to authenticate. As soon as the application became root
> and could gain access to the shadow files, I could authenticate any
> user in the files.
>
> I hope I've answered a few questions in my ramblings. Let me know if
> I haven't.
>
> Joe
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
--
Jason Gerfen
"...Sometimes I just yell at myself. And it
makes me sad, sometimes I make myself cry..."
~ My nephew Dawsyn
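
The following is an added example, not code from this thread or from Linux-PAM. It shows one way to answer the two questions raised above: whether the calling process is running as root, and whether its UID has a passwd entry at all. The names `id_info`, `resolve_uid` and `describe_caller` are hypothetical; a module would call `describe_caller()` from its own entry point and pass the resulting line to its logging call.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome of resolving one UID against the passwd database. */
struct id_info {
    uid_t uid;
    int has_account;   /* 1 = entry found, 0 = no entry, -1 = lookup error */
    char name[64];     /* account name, or a placeholder when none was found */
};

/* A process can run under a UID that has no passwd entry; report that case. */
static void resolve_uid(uid_t uid, struct id_info *out)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    int rc = getpwuid_r(uid, &pw, buf, sizeof(buf), &res);

    out->uid = uid;
    out->has_account = res != NULL ? 1 : (rc == 0 ? 0 : -1);
    snprintf(out->name, sizeof(out->name), "%s",
             res != NULL ? res->pw_name : "no passwd entry");
}

/* Write "uid=N(name) euid=N(name) root=yes|no" for the calling process.
 * Returns 1 when the effective UID is 0, otherwise 0. */
static int describe_caller(char *dst, size_t len)
{
    struct id_info r, e;

    resolve_uid(getuid(), &r);    /* real UID: who started the process */
    resolve_uid(geteuid(), &e);   /* effective UID: used for permission checks */
    snprintf(dst, len, "uid=%lu(%s) euid=%lu(%s) root=%s",
             (unsigned long)r.uid, r.name, (unsigned long)e.uid, e.name,
             e.uid == 0 ? "yes" : "no");
    return e.uid == 0;
}

int main(void)
{
    char line[256];

    describe_caller(line, sizeof(line));
    puts(line);   /* a module would pass this line to its own logging call */
    return 0;
}
```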