Subject: Re: BSD Authentication
To: None <current-users@NetBSD.org>
From: Peter Seebach <seebs@plethora.net>
List: current-users
Date: 09/08/2003 14:14:28
In message <200309081909.h88J95O17699@srapc342.sra.co.jp>, Noriyuki Soda writes:
>> Ahh, but this won't work - the whole point of PAM is that the actual
>> program needing authentication has to have the PAM module in its address
>> space so the client's address space can be altered.

>Sorry, I cannot understand your argument here.
>The problem with screensavers is that such programs have root
>privilege needlessly. If we have the wrapper program, we don't have to
>have the problem at all, because no screensaver needs to be setuid
>root, and we only have one setuid program with PAM instead of 6 extra
>setuid programs and 7 extra setgid programs like BSD auth needs.

But everyone has been saying that it is *necessary* that a PAM module
be run in the caller's address space; that this feature is required by
real-world PAM modules.

If a setuid wrapper program to run authentication works, then that
feature must be optional.

>> If, in fact, a setuid wrapper program is sufficient for PAM, then we
>> can do PAM-over-BSD-auth.

>That's not true.
>Please read my point 2 in Message-Id:
><200309081634.h88GYH514983@srapc342.sra.co.jp>

I did, and if it is correct that some PAM modules need to be able to
change the state of the caller, then those PAM modules cannot be run
under the setuid wrapper - they will not have access to the *actual*
caller.

>> No, they need to use root privileges to do something once authorized.

>It seems you are ignoring the fact that getty, ftpd, rlogind, rshd,
>telnetd, and any other programs which perform authentication (except
>screensavers) already have root privilege before performing
>authentication.

In general, yes.

>Please show an example, which performs authentication but doesn't need
>root privilege, except screensavers.

A radius server.

-s
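The two models argued over in this message, an authentication module loaded into the caller's address space versus a separate setuid helper, as an added example that is not part of the original thread and is not PAM's or libauth's own code. The helper is modelled with fork() rather than execve() of a setuid binary, which is enough to show the address-space boundary; the back-channel lines ("authorize", "reject", "setenv NAME VALUE") are a simplified sketch chosen for this example, not the real BSD auth protocol, and the user/password pair is constructed sample data.

```c
/* Added example: two ways an authentication "module" can reach the program
 * that needs authentication.
 *   1. In-process module: runs inside the caller's address space, so it can
 *      rewrite the caller's state and environment directly.
 *   2. Helper process (the setuid-wrapper / BSD auth shape): runs in its own
 *      address space, so all it can do is send messages over a pipe, and the
 *      caller decides which of them to honour.
 * Message format and credentials below are assumptions for this sketch. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

struct session {
    int authorized;     /* result of authentication */
    char shell[64];     /* state owned by the caller */
};

static int credentials_ok(const char *user, const char *pw)
{
    return strcmp(user, "alice") == 0 && strcmp(pw, "letmein") == 0;
}

/* Model 1: the module gets a pointer into the caller and shares environ. */
static int inproc_module(struct session *s, const char *user, const char *pw)
{
    if (!credentials_ok(user, pw)) {
        s->authorized = 0;
        return -1;
    }
    s->authorized = 1;
    strncpy(s->shell, "/bin/ksh", sizeof s->shell - 1);  /* direct write */
    setenv("MODULE_SAW", "alice", 1);                     /* caller's environ */
    return 0;
}

/* Model 2, helper side. The write to `copy` lands only in the child's copy
 * of the session and never reaches the caller; only the pipe does. */
static void helper_child(int backfd, struct session *copy,
                         const char *user, const char *pw)
{
    FILE *out = fdopen(backfd, "w");
    strncpy(copy->shell, "/bin/from-helper", sizeof copy->shell - 1);
    if (credentials_ok(user, pw)) {
        fprintf(out, "setenv MODULE_SAW alice\n");
        fprintf(out, "setenv HELPER_SHELL /bin/ksh\n");
        fprintf(out, "authorize\n");
    } else {
        fprintf(out, "reject\n");
    }
    fclose(out);
    _exit(0);
}

/* Model 2, caller side: run the helper and interpret its messages. Only
 * names the caller has chosen to accept are applied. Returns 0 if authorized. */
static int helper_auth(struct session *s, const char *user, const char *pw)
{
    int fds[2];
    pid_t pid;
    char line[256], name[64], value[128];
    FILE *in;

    s->authorized = 0;
    if (pipe(fds) == -1 || (pid = fork()) == -1)
        return -1;
    if (pid == 0) {
        close(fds[0]);
        helper_child(fds[1], s, user, pw);
    }
    close(fds[1]);
    in = fdopen(fds[0], "r");
    while (fgets(line, sizeof line, in)) {
        line[strcspn(line, "\n")] = '\0';
        if (strcmp(line, "authorize") == 0)
            s->authorized = 1;
        else if (strcmp(line, "reject") == 0)
            s->authorized = 0;
        else if (sscanf(line, "setenv %63s %127s", name, value) == 2) {
            if (strcmp(name, "MODULE_SAW") == 0)
                setenv(name, value, 1);
            else if (strcmp(name, "HELPER_SHELL") == 0)
                strncpy(s->shell, value, sizeof s->shell - 1);
            /* anything else is ignored: the helper cannot force it */
        }
    }
    fclose(in);
    waitpid(pid, NULL, 0);
    return s->authorized ? 0 : -1;
}

int main(void)
{
    struct session a = {0, ""}, b = {0, ""};
    printf("in-process: %d shell=%s\n", inproc_module(&a, "alice", "letmein"), a.shell);
    printf("helper:     %d shell=%s\n", helper_auth(&b, "alice", "letmein"), b.shell);
    return 0;
}
```

Both paths end with the same session state for a valid login, but they get there differently: the in-process module simply writes into the caller, while the helper's direct write to the session is lost at the process boundary and its wishes arrive only as messages the caller chose to honour. That is the distinction the thread turns on: a module that genuinely needs to alter the caller's state cannot be moved behind the wrapper without the caller agreeing in advance to apply each kind of change.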