[PATCH] a library and, uh, a PAM module
Patrice Dumas
pertusus at free.fr
Thu Mar 1 01:51:05 PST 2007
On Wed, Feb 28, 2007 at 07:44:12PM -0500, William Jon McCann wrote:
>
> And by "standard pam" you mean... ?
> http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules
Yes, and more precisely I was thinking about adding something in
pam items:
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/adg-interface-by-app-expected.html#adg-pam_set_item
> And last time I checked openssh sets PAM_TTY to "ssh". Awesome. :)
>
> And for more hilarity check out:
> http://www.google.com/codesearch?q=PAM_TTY
That's why there is certainly a need to add one item for the device
and one separate for the display. That way PAM_TTY may still be something
only informative.
> Right. I am completely unconvinced that PAM offers anything at all in
> this case. I think it is all a bit silly but we have bigger fish to
> fry. It is just another point of failure and a way for sysadmins to
> unwittingly make HAL fail - oh well.
A very strange assumption about sysadmins. Sysadmins want to be able
to control what is happening during session opening -- that's the point
of having a flexible and configurable framework like pam. That way
sysadmins may define a per-application policy. Sysadms are not your
enemy and they have needs in flexibility different from simple desktop
users.
--
Pat
More information about the hal
mailing list