pam_setcred() without pam_authenticate()?
Darren J Moffat
Darren.Moffat at Sun.COM
Thu Jun 5 10:22:49 EST 2003
On Wed, 4 Jun 2003, Frank Cusack wrote:
> Should pam_setcred() be called if pam_authenticate() wasn't called?
> I would say not; both of these functions are in the authenticate
> part of pam.
yes it should. pam_setcred may be doing stuff that it doesn't need the
PAM_AUTHTOK for. For example cron(1m) on Solaris calls pam_setcred.
> It seems the the 'auth' part of pam config controls which modules get
> called, so if you didn't to _authenticate() you shouldn't do _setcred().
That is a bug in the specification of PAM there really should have been
a separate auth and cred stack.
--
Darren J Moffat
More information about the openssh-unix-dev
mailing list