On Út, 2015-08-04 at 00:04 +0200, aurel wrote: > Hello, > > I'm developing a module who uses the current user password store in pam > context (PAM_AUTHTOK) recovered with pam_get_item(). > For the moment I placed my module in sudo configuration file, after > pam_unix.so for preset the user. (it works fine) > > But now I have to use my module with another application (mine). In his > configuration file, I specified my module for auth and session. > > This application will be started by sudo ($sudo myapp). So, is it > possible to recover PAM_AUTHTOK in my module started by myapp ? Knowing > that myapp was started by sudo (so, my module has already been called > once). > > In this way, the user can be enter his password only one time with sudo. > > If I want get PAM_AUTHTOK in my module (call by my app) I have to invoke > pam_unix again. (pamh being different) No, this is not possible. The pam items do not cross the pam context handle boundary. But look at pam_timestamp module which if properly configured, could help you to achieve the same effect. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though.) _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list