Re: are there "session IDs"?

On Tue, 19 Mar 2013, Seven Reeds wrote:

> if I "su" while on the machine the PAM_TTY environment variable is
> indeed a TTY string and is unique to the "session".  However, if I
> treat "ssh" like "su" and try to ssh to a different user on the same
> machine, ex:
> 
>         $ ssh otherUser@xxxxxxxxxxxxxxxx
> 
> then the PAM_TTY variable just shows "ssh".  If I were logged in
> multiple times then all would appear to be on the same "line", so to
> speak.

You cannot associate an SSHv2 session with a terminal because SSHv2 allows
any number of tty channels within a single session (none, one, more).  
In fact it provides two separate procedures: you log in first and you
create tty channels running programs (e.g. a shell) later when the session
is established.

> Since the tty is not available, is there a unique session identifier
> that I can use?  I have not seen mention of one.

I am afraid there is no such identifier.

You can generate your own unique id when the session is opened, store it
with pam_set_data() and fetch it with pam_get_data() when the session is
closed. Unfortunately, PAM specs seem to be quite lenient and do not require
the application to call pam_sm_open_session() and pam_sm_close_session() 
with the same pam_handle_t.

-- 
Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
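
The approach suggested in the reply above, written as a Linux-PAM session module; this is an added example, not code from the thread. The file name `pam_sessid.c`, the data key `example_sessid`, the `WITH_PAM` build switch and the log messages are assumptions.

```c
/* Added example. Module build: gcc -fPIC -shared -DWITH_PAM -o pam_sessid.so pam_sessid.c -lpam
 * Without -DWITH_PAM only make_session_id() is compiled, so it can be tested without libpam. */
#include <stdio.h>
#include <stdlib.h>
#define SID_LEN 33                 /* 16 random bytes as hex + NUL */
#define SID_KEY "example_sessid"   /* hypothetical pam_set_data() key */

/* Write a random hex ID into out; returns 0 on success, -1 on failure. */
int make_session_id(char *out, size_t outlen)
{
    unsigned char raw[(SID_LEN - 1) / 2];
    FILE *f = outlen >= SID_LEN ? fopen("/dev/urandom", "rb") : NULL;
    size_t got = f ? fread(raw, 1, sizeof raw, f) : 0;
    if (f) fclose(f);
    if (got != sizeof raw) return -1;
    for (size_t i = 0; i < sizeof raw; i++)
        snprintf(out + 2 * i, 3, "%02x", raw[i]);
    return 0;
}

#ifdef WITH_PAM
#include <syslog.h>
#include <security/pam_modules.h>
#include <security/pam_ext.h>      /* pam_syslog(), Linux-PAM */

/* Cleanup callback: libpam calls it when it discards the stored ID. */
static void free_sid(pam_handle_t *pamh, void *data, int err) { free(data); }

int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    char *sid = malloc(SID_LEN);
    if (!sid || make_session_id(sid, SID_LEN) != 0 ||
        pam_set_data(pamh, SID_KEY, sid, free_sid) != PAM_SUCCESS) {
        free(sid);
        return PAM_SESSION_ERR;
    }
    pam_syslog(pamh, LOG_INFO, "session %s opened", sid);
    return PAM_SUCCESS;
}

int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    const void *sid = NULL;
    /* A handle other than the one used at open has no entry (PAM_NO_MODULE_DATA). */
    if (pam_get_data(pamh, SID_KEY, &sid) != PAM_SUCCESS || !sid)
        pam_syslog(pamh, LOG_WARNING, "no session ID stored in this handle");
    else
        pam_syslog(pamh, LOG_INFO, "session %s closed", (const char *)sid);
    return PAM_SUCCESS;
}
#endif
```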