Date:      Tue, 23 Jan 2001 16:13:18 -0600
From:      "Jacques A. Vidrine" <n@nectar.com>
To:        "David J. MacKenzie" <djm@web.us.uu.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: PAM patches, iteration 4
Message-ID:  <20010123161318.A95429@hamlet.nectar.com>
In-Reply-To: <20010123184611.E675046C7@dagger.web.us.uu.net>; from djm@web.us.uu.net on Tue, Jan 23, 2001 at 01:46:11PM -0500
References:  <20010123184611.E675046C7@dagger.web.us.uu.net>

On Tue, Jan 23, 2001 at 01:46:11PM -0500, David J. MacKenzie wrote:
> I've updated the docs to reflect PAM, cleaned up some error handling,
> and included my patch to work around the pam_setcred() dispatch problem.
> I also removed the non-logincap code path from su and rshd, since it's
> already mandatory in login.  As before, this replaces my earlier patches.
> I'd welcome having PAM experts examine them closely.  I think they're
> ready for a wider audience.

Oops, I just committed a 3-line patch to login.c to call pam_setcred.
This'll put your diff off a wee bit.

These patches look good to me.  The pam_setcred workaround is no
worse than what we have now [1], and it is useful.

I'll let you know how they work for me (on -STABLE).

Thanks!
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

[1] All the PAM modules in the base system just return PAM_SUCCESS, so
    this will have no effect unless a third-party module is installed,
    such as ports/security/krb5.
