=?UTF-8?B?6K+35pWZ5aSn5a625LiA5LiL5YWz5LqOUEFN55qE6Zeu6aKY?=
- From: Guannan Ma <mythmgn gmail com>
- To: gnome-cn-list gnome org
- Subject: 请教大家一下关于PAM的问题
- Date: Thu, 25 Nov 2010 15:34:38 +0800
Hi, all,
最近才开始关注PAM验证方面的问题, 请大家帮忙解答下我的疑问.
先谢谢了 :)
[1] 第一个问题是关于PAM 里面的session的PAM里面的session管理主要提供了两个函数,pam_open_session pam_close_session
我的疑问是, 我open session之后, 得到了什么样的环境. 在我执行过open_session之后? PAM为我做了什么?
在pam_open_session 和pam_close_session之间 我得到了什么特权? 或者说什么样的特殊环境.
[2] 第二个问题关于PAM 里的设置credential我援引一下pam的函数介绍.
On a Linux system
the user's UID and GID's are credentials too. However, it has been
decided that these properties (along with the default supplementary
groups of which the user is a member) are credentials that should be set
directly by the application and not by PAM. Such credentials should be
established, by the application, prior to a call to this function. For
example, initgroups(2) (or equivalent) should have been performed.
这句话, 也就是说我程序的组设置和uid设置, 是先于setcredential的. 那我设置这个credential 有啥用处?我用它来做什么?
int pam_setcred(pamh, flags);
pam_handle_t *pamh;int flags;
3.1.8.1. DESCRIPTION
The pam_setcred function is used to establish, maintain and delete the credentials of a user. It should be called to set the credentials after a user has been authenticated and before a session is opened for the user (with pam_open_session(3)). The credentials should be deleted after the session has been closed (with pam_close_session(3)).
A credential is something that the user possesses. It is some property, such as a Kerberos ticket, or a supplementary group membership that make up the uniqueness of a given user. On a Linux system the user's UID and GID's are credentials too. However, it has been decided that these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by the application and not by PAM. Such credentials should be established, by the application, prior to a call to this function. For example, initgroups(2) (or equivalent) should have been performed.
PAM的文档搜索起来很费劲.. 大部分的实例都是关于auth方面的.. 这个session方面的比较少.
请懂这方面的朋友给我示意下 这个session到底能做些什么?
我现在在做C/S server端的开发.. 想引入pam做用户管理 最近在想这个用户对话的保存, 不知道pam是否能满足条件.
再次致谢.
--
Regards,
Guannan
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]