Fabrizio, let me add some comments:
1) I think the question is why after pam_start, the function pam_get_item(..., PAM_SERVICE,..), doesn't return the name of the real loaded service? I sow in the source of xscreensaver the same comment about this problem.
pam_get_item() on client side (what the user program calls) is not the same as pam_get_item() you see on the module side (though it's in fact much the same code). It returns to you (the user) willingly just what you put in, _NOT_ what it makes from your input. Remember User/Modules are quite like Client/Server. However: if anybody outside konws a dirty trick to do this without a SUID helper, please let me know, maybe alas we found the circle's quadrature.
2) Yes. This was an option that I tried. But I saw that xscreensaver have the same problem, so it must be a solution without start a Sbit program (maybe?)!
Of cousrse this has to be a SUID helper program, because all the PAM client calls run in the context of the calling user. Regards Andreas -- Dr.-Ing. Andreas Schindler Alpha Zero One Computersysteme GmbH Frankfurter Str. 141 63303 Dreieich Telefon 06103-57187-21 Telefax 06103-373245 schindler@xxxxxx www.az1.de _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
