[Dr. Werner Fink] > Currently I've a few open points for PAM support ... > > Which processes should be enabled to use PAM? > IMHO we may skip `+' with their own utmp/wtmp housekeeping > Also the support could be used for system initial boot > and runlevel changes together with the sulogin respawn entry
I have not investigated this PAM patch, but my initial thought would be to use pam only for the sysvinit stuff that need to ask for a user password (single user), to make sure any pam authentication method will work to get root access in an emergency. > Also I'm missing something like housekeeping of PAM sessions > that is if a process has finised what happens to the PAM seesion? > > Then I've to use > > misc_conv() > > from libpam_misc which (hoepfully) isn't used :( > > Then the manual page of pam_setcred() told me that we shall use > it *before* pam_open_session() ... which is currently reversed. Session handling might be a problem, but as I said, I have not investigated this. > Beside this we require a further file that is > > /etc/pam.d/init > > otherwise the stuff makes no sense. I would expect it to use /etc/pam.d/login. Happy hacking, -- Petter Reinholdtsen
