Stopping and starting the session dbusdaemon with PAM.

[Stef Bon]

On Monday 24 October 2005 15:53, you wrote:
> Stef Bon wrote:
> > Hi,
> >
> > Well with PAM you can use the PAM_AUTHTOK for example very easy.
> > pam_script can make this value available to the script it's running.
> > That's very powerfull. Not for dbus, but for the combination FUSE and
> > fusesmb this value can be used for the configuration file of fusesmb to
> > browse the network.
>
> Yes, but I don't want D-Bus to know my password. Essentially you are
> saying this is a more complicated way to start D-Bus in your bash
> profile, with more external dependencies and code that runs with
> unrequired priveledges, exposing secret information to D-Bus, and no
> actual benefits at all? Why are you doing this?

No. I'm afraid it's too complicated to explain in a few sentences. Look for a 
full description at:

http://linux.bononline.nl/linux/pamscript

pamscript.so is in the /etc/pam.d file in two places:
- auth section
- session open/close section
In the auth section the password is made available, not in the session 
sections. The pamscript.so in the authsection launches standard the 
script /etc/onauth. In the sessionsection is launches the 
files /etc/onsessionopen and /etc/onsessionclose. 
  
Dbus does not get to know the password. No way! I've only constructed 
something to make it available to applications which need it:
FUSE/fusesmb. Again look at my website for full details.

I want to create a place in my login process where I can start applications in  
a generalised way. With PAM and pamscript this is possible. Especially for 
applications working with credentials it is working better than via bash 
scripts. Many people criticized me saying this is not better than doing the 
same via the bash scripts. Well in the case of dbus they have a point. I can 
figure out a way of doing the same for dbus via bashscripts 
(with little adjustment of the bash startupfiles this becomes very easy)

Stef Bon