Re: pam_keyinit and common-session

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2017-06-27 at 13:26 +0200, Josef Moellers wrote:
> Hi,
> 
> We have a "common-session" file in the /etc/pam.d directory which
> contains all the modules that should generally be called when
> establishing a session: pam_limits, pam_unix, pam_umask, pam_systemd,
> pam_env.
> 
> We now would like to include pam_keyinit in this file but "this
> module
> should not [...] be invoked by programs like "su""!
> 
> Does anyone have an idea how to include pam_keyinit everywhere but
> not
> for "su" and friends? The obvious answer would be to explicitly
> include
> it in all the other files in /etc/pam.d. Another idea would be to put
> "pam_keyinit" in "common-session" and then have a separate
> "common-session-su" (or "common-session-nokeyinit") which does not
> have
> pam_keyinit.
> 
> But I'm hoping for a better solution.

You can jump over it with pam_succeed_if.so.

-- 
Tomáš Mráz
Red Hat

No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]

 * Google and NSA associates, this message is none of your business.
 * Please leave it alone, and consider whether your actions are
 * authorized by the contract with Red Hat, or by the US constitution.
 * If you feel you're being encouraged to disregard the limits built
 * into them, remember Edward Snowden and Wikileaks.

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list




[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux