pam_setcred() without pam_authenticate()?

Frank Cusack fcusack at fcusack.com
Thu Jun 5 08:55:57 EST 2003


On Wed, Jun 04, 2003 at 10:54:12PM +0100, Simon Wilkinson wrote:
> On Wed, 4 Jun 2003, Frank Cusack wrote:
> > Should pam_setcred() be called if pam_authenticate() wasn't called?
> > I would say not; both of these functions are in the authenticate
> > part of pam.
> >
> > It seems the the 'auth' part of pam config controls which modules get
> > called, so if you didn't to _authenticate() you shouldn't do _setcred().
> 
> Some modules use calls to pam_setcred to store credentials to disk, based

What credentials?  PAM doesn't have them (since you didn't call
pam_authenticate()) and you can't prompt for them at this point.

> on other authentication credentials obtained earlier in the process. For
> example, to gain AFS credentials based on Kerberos credentials.

hmm

/fc




More information about the openssh-unix-dev mailing list