Subject: Re: integrating PAM
To: Alan Barrett <email@example.com>
From: None <firstname.lastname@example.org>
Date: 01/25/2003 00:49:27
On Fri, Jan 24, 2003 at 09:35:59AM +0200, Alan Barrett wrote:
> On Thu, 23 Jan 2003, Jason R Thorpe wrote:
> > As Paul and others have pointed out, BSD Auth does have some nice
> > properties. But it does have one really major drawback, that being
> > the inability to modify the calling process's state (with the
> > exception of environment variables, as Paul pointed out it can do),
> Is it possible to enumerate the kinds of changes to the calling
> process's state that should be possible?
> If so, one could have a protocol for plug in modules that execute in a
> different process (a la BSD Auth) to communicate the necessary changes
> to a shim that lives inside the calling process (probably in a shared
> library). The protocol and the shared library shim would have to change
> when new kinds of process state are added, but I hope that that would be
The shared library could also dynamically load another (almost arbitrary)
library for handling specific classes of process state.
AFS tokens, at least, can be yanked from the kernel, sent through a
pipe or network connection, and then shoved back into a kernel.
Kevin P. Neal http://www.pobox.com/~kpn/
Seen on bottom of IBM part number 1887724:
DO NOT EXPOSE MOUSE PAD TO DIRECT SUNLIGHT FOR EXTENDED PERIODS OF TIME.