sysvinit-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PAM support? (Was: [sysvinit] Re: ?New sysvinit version 2.89dsf?)

From: Petter Reinholdtsen
Subject: Re: PAM support? (Was: [sysvinit] Re: ?New sysvinit version 2.89dsf?)
Date: Wed, 24 Mar 2010 18:44:12 +0100
User-agent: Mutt/1.4.2.2i 
[Dr. Werner Fink]
> Currently I've a few open points for PAM support ...
> 
>  Which processes should be enabled to use PAM?
>    IMHO we may skip `+' with their own utmp/wtmp housekeeping
>    Also the support could be used for system initial boot
>    and runlevel changes together with the sulogin respawn entry

I have not investigated this PAM patch, but my initial thought would
be to use pam only for the sysvinit stuff that need to ask for a user
password (single user), to make sure any pam authentication method
will work to get root access in an emergency.

>  Also I'm missing something like housekeeping of PAM sessions
>  that is if a process has finised what happens to the PAM seesion?
> 
>  Then I've to use
> 
>        misc_conv()
> 
>  from libpam_misc which (hoepfully) isn't used :(
> 
>  Then the manual page of pam_setcred() told me that we shall use
>  it *before* pam_open_session() ... which is currently reversed.

Session handling might be a problem, but as I said, I have not
investigated this.

>  Beside this we require a further file that is
> 
>        /etc/pam.d/init
> 
>  otherwise the stuff makes no sense.

I would expect it to use /etc/pam.d/login.

Happy hacking,
-- 
Petter Reinholdtsen
reply via email to
[Prev in Thread] Current Thread [Next in Thread]