Re: Passing information from app to module by pam_*env

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 04, 2007 at 12:41:16PM +0200, Tobias Heide wrote:
> I hope, my posting won't arrive twice, because I first used a wrong
> Sender-Address...

> I am about to implement a XACML-PAM-Module for a student research
> project. As a test-application I have to use a SOCKS5-Server, which
> already has some basic PAM-Support (Dante).

> But: I want to pass information from the Server to the PAM-Module, e.g.
> the destination address of the request. The PAM-Module should then pass
> this information to the XACML-"Server". The general goal is, to have
> more information to make the authorisation-decision.

> I plan to pass this information by pam_*env-functions. Is this a safe
> way? Are there any objections? I could not find any module that makes
> use of these functions, so I thought it might not be recommended?

If you have to code both your app and your module to exchange extra
information, then it's no longer very "pluggable", is it?

When a module needs additional information in order to do its job, it's
expected that the module will use the conversation function provided by the
app in order to request this information from the user in some fashion.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@xxxxxxxxxx                                   http://www.debian.org/

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux