Date:      Mon, 06 Sep 2021 16:01:37 +0200
From:      Steffen Nurpmeso <steffen@sdaoden.eu>
To:        freebsd-current@freebsd.org
Cc:        Eric McCorkle <eric@metricspace.net>, Greg <greg@unrelenting.technology>, FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: PAM module for loading ZFS keys on login
Message-ID:  <20210906140137.iGt2J%steffen@sdaoden.eu>
In-Reply-To: <b265fa82-53f2-59f4-65c2-b07a9412bf83@metricspace.net>
References:  <b4d216da-d4b8-12a6-3873-566e5044678c@metricspace.net> <67F44CFE-2496-4B13-8583-8A80D9ED3A4A@unrelenting.technology> <b265fa82-53f2-59f4-65c2-b07a9412bf83@metricspace.net>

Eric McCorkle wrote in
 <b265fa82-53f2-59f4-65c2-b07a9412bf83@metricspace.net>:
 |Interesting, I wasn't aware of the upstream module.  I'd say that's

Its existence was the reason i have readded (now optional, and
a tad different) session support for my pam_xdg PAM module,
because i was thinking that, if such a many-eyes-seen thing of
a software project that claims to be and aims at being enterprise,
ships such a terrible and terribly broken thing, then i can also
offer session tracking.  But my manual at least states

  CAVEATS
       On Unix systems any “daemonized” program or script is reparented to the
       program running with PID 1, most likely leaving the PAM user session
       without PAM recognizing this.  Yet careless such code may hold or expect
       availability of resources of the session it just left, truly performing
       cleanup when sessions end seems thus unwise.  Since so many PAM modules
       do support session tracking and cleanup pam_xdg.so readded optional
       support for this.

But the real solution would be PAM session tracking in-kernel,
somehow, wouldn't it?
Also, on FreeBSD and OpenPAM many separate files exist in
/etc/pam.d for things which might open a session, whereas linuxpam
at least has /etc/pam.d/common-session; it has many common- things
in fact, and in /etc/pam.d/sshd i for example see

  #
  # /etc/pam.d/sshd - openssh service module configuration
  #

  auth        include common-auth

  account     include common-account

  password    include common-password

  session     include common-session

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)


