[Bug 789] pam_setcred() not being called as root
Dag-Erling Smørgrav
des at des.no
Mon Jan 26 00:19:19 EST 2004
bugzilla-daemon at mindrot.org writes:
> I can't find any reference to PAM modules being guaranteed to run as root in
> either the Open Group PAM RFC [1] or the Linux PAM documentation [2], so an
> alternative viewpoint could be that pam_group is making unwarranted assumptions
> about its environment, doing unnecessary things and failing because of it :-)
There is an underlying assumption in PAM that it runs with arbitrator
privileges. In Unix and Unix-like systems, this means root. It makes
no sense to call pam_setcred() when you do not have the authority to
grant said credentials.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the openssh-unix-dev
mailing list