> Conceptually, yes. > In the PAM world, authorization checks such as this are done as part of > the "authenticate" operation, not the "account management" operation.
Seems to me, then, that PAM is lacking proper handling of user
authorization. It may not be much different from handling authorization
and authentication together, but looks like having different hooks for
these different things might be a good idea. Go whine to PAM people? =)
As what comes to various other things discussed under the topic, the first
solution I came up with was to add the sshd host to PTS, and give rl to
this principal, but sshd *leaks* this token to the user. Is this actually
a PAG problem?
I put the symlinks in place and things are fine, so thanks for help!
[Russ: the earlier problem on debian-devel was indeed related to the
aes keys, so thanks for that, too.]
-Juha
--
-----------------------------------------------
| Juha Jäykkä, [EMAIL PROTECTED] |
| Laboratory of Theoretical Physics |
| Department of Physics, University of Turku |
| home: http://www.utu.fi/~juolja/ |
-----------------------------------------------
pgpi7n6gj24Wa.pgp
Description: PGP signature
