From owner-freebsd-security Fri Jan 19 12:48:34 2001
Delivered-To: freebsd-security@freebsd.org
Received: from jenkins.web.us.uu.net (jenkins.web.us.uu.net [208.240.88.32])
	by hub.freebsd.org (Postfix) with ESMTP id DF46637B402
	for ; Fri, 19 Jan 2001 12:48:16 -0800 (PST)
Received: from jenkins.web.us.uu.net (localhost.web.us.uu.net [127.0.0.1])
	by jenkins.web.us.uu.net (Postfix) with ESMTP
	id EBCCE12686; Fri, 19 Jan 2001 15:48:15 -0500 (EST)
To: "Jacques A. Vidrine" , freebsd-security@FreeBSD.ORG
Cc: djm@web.us.uu.net
Subject: Re: pam_setcred confusion
In-Reply-To: Message from "Jacques A. Vidrine" of "Fri, 19 Jan 2001 14:14:53 CST." <20010119141453.D66917@hamlet.nectar.com>
Date: Fri, 19 Jan 2001 15:48:15 -0500
From: "David J. MacKenzie"
Message-Id: <20010119204815.EBCCE12686@jenkins.web.us.uu.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> The FreeBSD PAM is based on Linux-PAM. If you do ultimately find out
> that this is a problem, please drop the Linux-PAM authors a line,
> also.

On a practical level, it probably depends on the assumptions made by
any PAM modules that support both calls. I think I'll check the
source to the standard Linux-PAM modules for that.

More formally, I checked the DCE RFC for PAM (DCE-RFC 86.0 according
to the FreeBSD man pages). I found it at
http://www.opengroup.org/tech/rfc/rfc86.0.html.
The RFC doesn't actually state which order they should be called in,
but the example code in the RFC shows pam_open_session() being called
before pam_setcred(). This suggests that the FreeBSD setcred.3 man
page is wrong, but maybe the Linux-PAM developers had a reason for
changing the order; the RFC is dated 1995.

> Also see my post to this list earlier this week about the fact that
> pam_setcred does not seem to work (at least in the Linux-PAM -- and
> therefore FreeBSD -- implementation).

I'm not on list; could you forward me a copy please?