[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PAM support lacks pam_setcred() call
From: |
Steve McIntyre |
Subject: |
Re: PAM support lacks pam_setcred() call |
Date: |
Mon, 20 Oct 2003 20:48:25 +0100 |
User-agent: |
Mutt/1.5.4i |
On Mon, Oct 20, 2003 at 11:16:18AM -0700, Marc Singer wrote:
>CVSs PAM support does not make the pam_setcred() call. The
>pam_group.so module uses this call to add UNIX groups to the user's
>process privileges. In addition, the pam_setcred() call requires
>PAM_TTY to be set.
>
>I've explored the problem enough to have discovered the root cause of
>pam_group.so failing. However, it is not sufficient to add these
>calls. The switch_to_user() call in CVS obliterates the group
>privileges added by pam_group.so. So, it seems that there is a more
>fundamental problem with the way that PAM is used in CVS.
>
>In mail exchanges with Steve McIntyre, it is clear that there are some
>pending changes to the way that CVS uses PAM, e.g. adding PamAuth
>option to CVSROOT/config. This pam_setcred() problem, too, may
>indicate that further changes are necessary.
Yes. The PamAuth thing is an addition I've made for the Debian
package. Brian, I think we need to look at PAM a little more to see
what other features people want/need... :-(
--
Steve McIntyre, Cambridge, UK. steve@einval.com
Into the distance, a ribbon of black
Stretched to the point of no turning back
signature.asc
Description: Digital signature
- PAM support lacks pam_setcred() call, Marc Singer, 2003/10/20
- Re: PAM support lacks pam_setcred() call,
Steve McIntyre <=
- Re: PAM support lacks pam_setcred() call, Brian Murphy, 2003/10/21
- Re: PAM support lacks pam_setcred() call, Steve McIntyre, 2003/10/21
- Re: PAM support lacks pam_setcred() call, Steve McIntyre, 2003/10/21
- Re: PAM support lacks pam_setcred() call, Derek Robert Price, 2003/10/21
- Re: PAM support lacks pam_setcred() call, Steve McIntyre, 2003/10/22
- Re: PAM support lacks pam_setcred() call, Derek Robert Price, 2003/10/22
Re: PAM support lacks pam_setcred() call, Brian Murphy, 2003/10/27