Re: get ITEMs in different pam context

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Út, 2015-08-04 at 00:04 +0200, aurel wrote:
> Hello,
> I'm developing a module who uses the current user password store in pam 
> context (PAM_AUTHTOK) recovered with pam_get_item().
> For the moment I placed my module in sudo configuration file, after 
> for preset the user. (it works fine)
> But now I have to use my module with another application (mine). In his 
> configuration file, I specified my module for auth and session.
> This application will be started by sudo ($sudo myapp). So, is it 
> possible to recover PAM_AUTHTOK in my module started by myapp ? Knowing 
> that myapp was started by sudo (so, my module has already been called 
> once).
> In this way, the user can be enter his password only one time with sudo.
> If I want get PAM_AUTHTOK in my module (call by my app) I have to invoke 
> pam_unix again. (pamh being different)

No, this is not possible. The pam items do not cross the pam context
handle boundary. But look at pam_timestamp module which if properly
configured, could help you to achieve the same effect.

Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
(You'll never know whether the road is wrong though.)

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux