On Tue, Sep 04, 2007 at 12:41:16PM +0200, Tobias Heide wrote: > I hope, my posting won't arrive twice, because I first used a wrong > Sender-Address... > I am about to implement a XACML-PAM-Module for a student research > project. As a test-application I have to use a SOCKS5-Server, which > already has some basic PAM-Support (Dante). > But: I want to pass information from the Server to the PAM-Module, e.g. > the destination address of the request. The PAM-Module should then pass > this information to the XACML-"Server". The general goal is, to have > more information to make the authorisation-decision. > I plan to pass this information by pam_*env-functions. Is this a safe > way? Are there any objections? I could not find any module that makes > use of these functions, so I thought it might not be recommended? If you have to code both your app and your module to exchange extra information, then it's no longer very "pluggable", is it? When a module needs additional information in order to do its job, it's expected that the module will use the conversation function provided by the app in order to request this information from the user in some fashion. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. vorlon@xxxxxxxxxx http://www.debian.org/ _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
