New PAM code landing (at last)

[James Williamson]

> On Sun, May 11, 2003 at 08:29:28AM +0100, James Williamson wrote:
> > I've scanned the code and the PAM stuff is actually broken despite the
> > privileges.
> > The credentials stage is actually called after the session stage which
runs
> > contra
> > to what the linux pam docs specify (i.e. it should be done before).
>
> What is the credentials stage?  pam_setcred()?
>
> Both the the Sun docs (Solaris 9_u2):
>
>      The pam_setcred() function is used to establish, modify,  or
>      delete  user  credentials.  It is typically called after the
>      user has been authenticated and after  a  session  has  been
>      opened.
>
> and the Linux-PAM docs (Linux-PAM-0.72):
>
>   This function is used to set the module-specific credentials of the
>   user.  It is usually called after the user has been authenticated,
>   after the account management function has been called and after a
>   session has been opened for the user.
>
> say that you call this after pam_open_session().

Well I'm looking here:

http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_appl-3.html

extern int pam_setcred(pam_handle_t *pamh, int flags);

"This function is used to set the module-specific credentials of the user.
It is usually called after the user has been authenticated, after the
account management function has been called but before a session
has been opened for the user. "

Regards,

James Williamson
www.nameonthe.net
Tel: +44 208 7415453
Fax: + 44 208 7411615