Subject: Re: integrating PAM
To: None <email@example.com>
From: David S. <firstname.lastname@example.org>
Date: 01/22/2003 14:43:05
> PAM modules are shared libraries that are dynamically loaded at
> run time. Which modules/libraries get loaded and in what order is
> determined by a configuration file. This can be determined on a per
> app basis
> A "files" module would most likely simply use getpwent() or
> directly read /etc/spwd.db. Obviously for this to work the program
> doing the authentication would have to be running as root.
This could be handled with 'systrace' policies and privilege elevation,
> there is nothing stopping a module from fork()ing and exec()ing a
> setuid helper app. But, as I noted earlier, then you have a different
> problem, which is secure inter-process communication.