On Tue, 19 Mar 2013, Seven Reeds wrote:

> if I "su" while on the machine the PAM_TTY environment variable is
> indeed a TTY string and is unique to the "session". However, if I
> treat "ssh" like "su" and try to ssh to a different user on the same
> machine, ex:
>
> $ ssh otherUser@xxxxxxxxxxxxxxxx
>
> then the PAM_TTY variable just shows "ssh". If I were logged in
> multiple times then all would appear to be on the same "line", so to
> speak.

You cannot associate an SSHv2 session with a terminal because SSHv2 allows any number of tty channels within a single session (none, one, more). In fact it provides two separate procedures: you log in first and you create tty channels running programs (e.g. a shell) later when the session is established.

> Since the tty is not available, is there a unique session identifier
> that I can use? I have not seen mention of one.

I am afraid there is no such identifier.

You can generate your own unique id when the session is opened, store it with pam_set_data() and fetch it with pam_get_data() when the session is closed. Unfortunately, PAM specs seem to be quite lenient and do not require the application to call pam_sm_open_session() and pam_sm_close_session() with the same pam_handle_t.

--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /
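The approach suggested in the reply above, as an added example (not code from the thread or from any PAM implementation): a session module generates a random id at open, attaches it to the handle with pam_set_data(), and reads it back at close, where a different handle yields no id. The pam_* stand-ins at the top, the data name `SID_KEY` and the use of /dev/urandom are assumptions made so the code runs without libpam.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins so the example runs without libpam (one data slot per handle).
 * In a real module, drop this section and include <security/pam_modules.h>. */
enum { PAM_SUCCESS = 0, PAM_SESSION_ERR = 14, PAM_NO_MODULE_DATA = 18 };
typedef struct pam_handle pam_handle_t;
typedef void (*cleanup_fn)(pam_handle_t *, void *, int);
struct pam_handle { const char *key; void *data; cleanup_fn cleanup; };
int pam_set_data(pam_handle_t *h, const char *key, void *d, cleanup_fn c) {
    h->key = key; h->data = d; h->cleanup = c;
    return PAM_SUCCESS;
}
int pam_get_data(const pam_handle_t *h, const char *key, const void **d) {
    if (!h->data || strcmp(h->key, key) != 0) return PAM_NO_MODULE_DATA;
    *d = h->data;
    return PAM_SUCCESS;
}

/* Module side. SID_KEY is a hypothetical data name chosen for this example. */
#define SID_KEY "example_session_id"
static void sid_free(pam_handle_t *h, void *data, int status) {
    (void)h; (void)status; free(data);   /* libpam runs this at pam_end() */
}

int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
    unsigned char raw[16];
    char *sid = malloc(2 * sizeof raw + 1);
    FILE *f = fopen("/dev/urandom", "rb");
    int ok = sid && f && fread(raw, 1, sizeof raw, f) == sizeof raw;
    (void)flags; (void)argc; (void)argv;
    if (f) fclose(f);
    if (!ok) { free(sid); return PAM_SESSION_ERR; }
    for (size_t i = 0; i < sizeof raw; i++) sprintf(sid + 2 * i, "%02x", raw[i]);
    int rc = pam_set_data(pamh, SID_KEY, sid, sid_free);
    if (rc != PAM_SUCCESS) free(sid);    /* on success the handle owns sid */
    return rc;
}

int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
    const void *sid = NULL;
    int rc = pam_get_data(pamh, SID_KEY, &sid);
    (void)flags; (void)argc; (void)argv;
    if (rc != PAM_SUCCESS) return rc;    /* handle differs from the one at open */
    fprintf(stderr, "session %s closed\n", (const char *)sid);
    return PAM_SUCCESS;
}
```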