On Wed, Sep 26, 2007 at 01:12:26PM +0800, Ian jonhson wrote:
> Hi all,
>
> I met a problem when using the pam_set_data()/pam_get_data() to pass
> data between PAM hooks. The two functions are ok when I tested my PAM
> module with a simple PAM-aware application, in which data (string
> type) can be exchanged between different PAM hooks. However, when I
> plug it in SSHD as an authentication module, the pam_get_data() said it
> can not get data from a given name, which is used to set data by
> pam_set_data().
>
> I don't know what is wrong with PAM module. The simple PAM-aware
> application written by me is just a process and one thread, whereas
> SSHD forked several threads. So I guessed maybe the difference
> between them is that PAM module is loaded by different SSHD threads.
> This makes pam_get_data() in one thread unable to get data from
> pam_set_data() of another thread. For example, SSHD forked a thread1
> to do authentication, which calls the hook in PAM module, and sets data
> by pam_set_data(). Then another thread, thread2, forked by SSHD wants
> to get that data by pam_get_data() before opening session. Since they
> owned different thread spaces, data can be passed from thread1 to
> thread2. I don't know whether my analysis is right. Maybe someone
> can share his/her brain with me.
>
> If the above analysis is correct, what can I do to deal with it? Could
> anybody give me some advice?

If you're using OpenSSH then your analysis is more or less correct,
except that by default, sshd's authentication "thread" is actually a
process and thus has its own address space.

See https://bugzilla.mindrot.org/show_bug.cgi?id=688 for details.
Changing this is not trivial (although the patch from David Leonard in
that bug looks promising).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
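The address-space point in the reply above, as an added illustration that is not part of the thread and is not libpam or OpenSSH code: `demo_set_data()`/`demo_get_data()` are hypothetical stand-ins for module data held in process memory, set in a forked "authentication" child and looked up in the parent. The pipe relay is only a generic contrast showing that a value crosses a process boundary when it is sent explicitly; it is not what sshd or the patch in the linked bug does.

```c
/* Added illustration; not libpam or OpenSSH code. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical stand-in for data a module stores with pam_set_data():
 * it lives in the memory of whichever process stored it. */
static char slot_name[32], slot_value[64];

static void demo_set_data(const char *name, const char *value) {
    snprintf(slot_name, sizeof slot_name, "%s", name);
    snprintf(slot_value, sizeof slot_value, "%s", value);
}

static const char *demo_get_data(const char *name) {
    return (slot_name[0] && strcmp(slot_name, name) == 0) ? slot_value : NULL;
}

/* The "auth" phase runs in a forked child, the "session" phase in the parent.
 * Returns 1 if the parent finds the child's data in its own memory, else 0.
 * If relay is non-NULL the child also sends the value through a pipe. */
int session_sees_auth_data(char *relay, size_t relay_len) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* child: authentication */
        close(fds[0]);
        demo_set_data("demo_key", "value-set-during-auth");
        const char *v = demo_get_data("demo_key");   /* found here */
        if (relay && write(fds[1], v, strlen(v) + 1) < 0) _exit(1);
        _exit(0);
    }
    close(fds[1]);                           /* parent: session */
    if (relay) {
        ssize_t n = read(fds[0], relay, relay_len - 1);
        relay[n > 0 ? n : 0] = '\0';
    }
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return demo_get_data("demo_key") != NULL; /* child's write never landed here */
}

int main(void) {
    char buf[64];
    printf("visible in parent memory: %d\n", session_sees_auth_data(buf, sizeof buf));
    printf("relayed through pipe:     %s\n", buf);
    return 0;
}
```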