Jason King wrote:
> On Thu, Mar 6, 2008 at 7:03 AM, Darren J Moffat <Darren.Moffat at sun.com>
> wrote:
>> What other PAM modules (from Linux-PAM or other places) would you like
>> to see included in OpenSolaris distros (specifically in Solaris Express
>> and the Indiana project distro) ?
>>
>>
>> --
>> Darren J Moffat
>> _______________________________________________
>> security-discuss mailing list
>> security-discuss at opensolaris.org
>>
>
> pam_xauth would be nice
I have a version of that concept in my home dir that I wrote years ago,
but the one from Linux-PAM is configurable so might be worth looking at.
I don't use it anymore though these days I tend to just do this:
$ xhost +SI:localuser:root
before doing the su to root (I have it wrapped in a shell function though):
zsu()
{
if [ "$1" = "" ]; then
xhost +SI:localuser:root
/bin/su root -c /bin/zsh
elif [ "$1" = "-" ]; then
xhost +SI:localuser:root
/bin/su - root -c /bin/zsh
else
/bin/su "$@" -c /bin/zsh
fi
}
The reason there is no xhost - after the su is to avoid having to count
the number of logins and know when it is safe to undo it. pam_xauth
suffers the same issue (as does most things with creds).
--
Darren J Moffat
