Hello, Slawa. You wrote 3 сентября 2013 г., 14:39:22: >> >> And how in this case can be resolved situation with PAM credentials >> >> (Kerberos credentials in may case)? >> DES> The application does not need them. >> They are written to disk with pam_open_session() and this call should be >> called by sshd, not some "authorization daemon", if I understand situation >> right. Or don't I? SO> Written to disk with pam_setcred(), not pam_open_session(). And yes, SO> by sshd, after drop priveleges. And set KRB5CCNAME. "authorization SO> daemon" can't be set environment in other process. des@ suggests to have ability to pass env variables from authorization daemon, but anyway, pam_setcred() should be called by shell process (or its parent), and not any process in system, am I right?
-- // Black Lion AKA Lev Serebryakov <[email protected]> _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
