OpenSSH, PAM and kerberos
Dag-Erling Smørgrav
des at des.no
Tue Sep 3 11:31:13 UTC 2013
Lev Serebryakov <lev at FreeBSD.org> writes:
> des@ suggests to have ability to pass env variables from authorization
> daemon, but anyway, pam_setcred() should be called by shell process
> (or its parent), and not any process in system, am I right?
Everything pam_setcred() does can be done in a separate process, and the
result returned to the application using sendmsg().
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list