Date: Fri, 19 Jan 2001 15:48:15 -0500 From: "David J. MacKenzie" <djm@web.us.uu.net> To: "Jacques A. Vidrine" <n@nectar.com>, freebsd-security@FreeBSD.ORG Cc: djm@web.us.uu.net Subject: Re: pam_setcred confusion Message-ID: <20010119204815.EBCCE12686@jenkins.web.us.uu.net> In-Reply-To: Message from "Jacques A. Vidrine" <n@nectar.com> of "Fri, 19 Jan 2001 14:14:53 CST." <20010119141453.D66917@hamlet.nectar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> The FreeBSD PAM is based on Linux-PAM. If you do ultimately find out > that this is a problem, please drop the Linux-PAM authors a line, > also. On a practical level, it probably depends on the assumptions made by any PAM modules that support both calls. I think I'll check the source to the standard Linux-PAM modules for that. More formally, I checked the DCE RFC for PAM (DCE-RFC 86.0 according to the FreeBSD man pages). I found it at http://www.opengroup.org/tech/rfc/rfc86.0.html. The RFC doesn't actually state which order they should be called in, but the example code in the RFC shows pam_open_session() being called before pam_setcred(). This suggests that the FreeBSD setcred.3 man page is wrong, but maybe the Linux-PAM developers had a reason for changing the order; the RFC is dated 1995. > Also see my post to this list earlier this week about the fact that > pam_setcred does not seem to work (at least in the Linux-PAM -- and > therefore FreeBSD -- implementation). I'm not on list; could you forward me a copy please? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010119204815.EBCCE12686>