On Thu, Nov 17, David Mitton wrote: > Which was the first thing I saw login do wrong. It calls pam_open_session > before pam_setcred. I'm waiting for someone to explain that. As I think somebody wrote already here: it's a bug in login where I did send already a patch upstream. > The scope of what it means to set credentials is obscure here. > Since typically credentials are username and password and they are either > stored in a local file or a remote server. No, this are not credentials. This is the authentication stuff. Credentials tells the system what you are allowed to do and what not. > The UID and GID are not credentials in the typical authentication sense. They are credentials in a typical UNIX system, but you are right that they are not for authentication. But they tell the system later what you are allowed to do and what not. Thorsten -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
