=?UTF-8?B?UmU6IOivt+aVmeWkp+WutuS4gOS4i+WFs+S6jlBBTeeahOmXrumimA==?=

From: Guannan Ma <mythmgn gmail com>
To: gnome-cn-list gnome org
Subject: Re: 请教大家一下关于PAM的问题
Date: Thu, 25 Nov 2010 16:29:41 +0800

或者谁给我个关于怎么维护 C客户端/S服务器端会话的例子?

谢谢

2010/11/25 Guannan Ma <mythmgn gmail com>

Hi, all,
最近才开始关注PAM验证方面的问题, 请大家帮忙解答下我的疑问.
先谢谢了 :)

[1] 第一个问题是关于PAM 里面的session的

PAM里面的session管理主要提供了两个函数,pam_open_session pam_close_session

我的疑问是, 我open session之后, 得到了什么样的环境. 在我执行过open_session之后? PAM为我做了什么?
在pam_open_session 和pam_close_session之间我得到了什么特权? 或者说什么样的特殊环境.

[2] 第二个问题关于PAM 里的设置credential

我援引一下pam的函数介绍.

On a Linux system the user's UID and GID's are credentials too. However, it has been decided that these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by the application and not by PAM. Such credentials should be established, by the application, prior to a call to this function. For example, initgroups(2) (or equivalent) should have been performed.

这句话, 也就是说我程序的组设置和uid设置, 是先于setcredential的. 那我设置这个credential 有啥用处?我用它来做什么?

int pam_setcred(pamh,
flags);
pam_handle_t *pamh;
int flags;

3.1.8.1. DESCRIPTION

The pam_setcred function is used to establish, maintain and delete the credentials of a user. It should be called to set the credentials after a user has been authenticated and before a session is opened for the user (with pam_open_session(3)). The credentials should be deleted after the session has been closed (with pam_close_session(3)).

A credential is something that the user possesses. It is some property, such as a Kerberos ticket, or a supplementary group membership that make up the uniqueness of a given user. On a Linux system the user's UID and GID's are credentials too. However, it has been decided that these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by the application and not by PAM. Such credentials should be established, by the application, prior to a call to this function. For example, initgroups(2) (or equivalent) should have been performed.

PAM的文档搜索起来很费劲.. 大部分的实例都是关于auth方面的.. 这个session方面的比较少.
请懂这方面的朋友给我示意下这个session到底能做些什么?

我现在在做C/S server端的开发.. 想引入pam做用户管理最近在想这个用户对话的保存, 不知道pam是否能满足条件.

再次致谢.

--
Regards,
Guannan

--
Regards,
Guannan

Follow-Ups:
- Re: =?UTF-8?Q?=E8=AF=B7=E6=95=99=E5=A4=A7=E5=AE=B6=E4=B8=80=E4=B8=8B?= =?UTF-8?Q?=E5=85=B3=E4=BA=8EPAM=E7=9A=84=E9=97=AE=E9=A2=98?=
  - From: Jeff Cai

References:
- =?UTF-8?B?6K+35pWZ5aSn5a625LiA5LiL5YWz5LqOUEFN55qE6Zeu6aKY?=
  - From: Guannan Ma

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]