Re: get ITEMs in different pam context

On Tue, 2015-08-04 at 00:04 +0200, aurel wrote:
> Hello,
> 
> I'm developing a module that uses the current user password stored in the PAM 
> context (PAM_AUTHTOK) recovered with pam_get_item().
> For the moment I placed my module in the sudo configuration file, after 
> pam_unix.so, to preset the user. (It works fine.)
> 
> But now I have to use my module with another application (mine). In its 
> configuration file, I specified my module for auth and session.
> 
> This application will be started by sudo ($sudo myapp). So, is it 
> possible to recover PAM_AUTHTOK in my module started by myapp? Knowing 
> that myapp was started by sudo (so, my module has already been called 
> once).
> 
> In this way, the user can enter his password only one time with sudo.
> 
> If I want to get PAM_AUTHTOK in my module (called by my app) I have to invoke 
> pam_unix again. (pamh being different)

No, this is not possible. The PAM items do not cross the PAM context
handle boundary. But look at the pam_timestamp module, which, if properly
configured, could help you to achieve the same effect.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)


_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
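
A sketch of the pam_timestamp setup suggested in the reply, added here as an example and not taken from the thread or from either poster. The service file names /etc/pam.d/sudo and /etc/pam.d/myapp and the module name pam_mymodule.so are assumptions; it also assumes myapp's PAM transaction presents the same requesting user and terminal that sudo's did, since pam_timestamp only accepts a stamp that matches.

```conf
# Added example. pam_mymodule.so is a hypothetical name for the custom module.

# --- /etc/pam.d/sudo (assumed path) ---
# pam_unix prompts and stores PAM_AUTHTOK in sudo's own PAM handle.
auth     required   pam_unix.so
# The custom module reads PAM_AUTHTOK from that same handle.
auth     required   pam_mymodule.so
account  required   pam_unix.so
session  required   pam_unix.so
# Opening the session records a timestamp for the successful authentication.
session  optional   pam_timestamp.so

# --- /etc/pam.d/myapp (assumed path) ---
# A sufficiently recent timestamp ends the auth stack with success and no prompt.
# timestamp_timeout is in seconds; debug sends diagnostics to syslog.
auth     sufficient pam_timestamp.so timestamp_timeout=300 debug
# No valid timestamp: prompt again, which sets PAM_AUTHTOK in myapp's handle.
auth     required   pam_unix.so
# Reached only on the prompt path, so this is the only case where the
# custom module can read PAM_AUTHTOK inside myapp.
auth     required   pam_mymodule.so
account  required   pam_unix.so
session  required   pam_unix.so
session  optional   pam_mymodule.so
```

On the timestamp path the second prompt is skipped but PAM_AUTHTOK is never set in myapp's handle, so a module that needs the password itself, rather than only proof of a recent authentication, still has nothing to read there.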



