Gary Winiger wrote: >> I understand the desire not to run the screensaver program with >> privileges but the component that calls libpam(3pam) API needs to be >> running with privilege. It isn't and shouldn't be up to the modules to >> work out what privilege they need. >> >> Unfortunately this was never well documented in any PAM documentation so >> I can easily understand how the setuid helper for authentication was >> implemented. > > How does this helper architecture present a Trusted Path to the > user:
It doesn't, but see Brian's email about Xauth & Trusted Path. > How does it support pam_setcred()? It doesn't but Linux PAM's pam_unix.so doesn't do the type of things that the OpenSolaris pam_unix_cred.so does (which is OpenSolaris feature specific). -- Darren J Moffat
