164833 – RFE: pam_laus PAM module requires a man-page

Bug 164833 - RFE: pam_laus PAM module requires a man-page

Summary: RFE: pam_laus PAM module requires a man-page

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 3
Classification:	Red Hat
Component:	laus
Sub Component:
Version:	3.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Steve Grubb
QA Contact:	Jay Turner
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-08-01 18:05 UTC by Jason Vas Dias
Modified:	2015-01-08 00:10 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-02-15 15:16:23 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Jason Vas Dias 2005-08-01 18:05:11 UTC

Description of problem:

The pam_laus PAM module can be very confusing to use when there is no
documentation for the 'detach' pam_laus control flag.

If a process may invoke pam_open_session / pam_authenticate within the same
process, the 'detach' control flag must be given to the pam_laus module in
the control file, as in:
  'session optional pam_laus.so detach'
to allow _pam_audit_login to perform a laus_detach() on an already open
laus connection before the laus_attach(), which will fail if the process
has an open laus connection. 

Without the detach control flag, all laus messages for the process will be 
for the first user to set the PAM_USER item with pam_authenticate.

The only way to discover the detach flag up till now is to read the source code.

Comment 1 Jason Vas Dias 2005-08-01 18:52:44 UTC

Fixed with laus-0.1-72RHEL3+

Comment 2 Jason Vas Dias 2005-08-19 15:19:17 UTC

laus-0.1-72RHEL3 is now built, and available from:
    http://people.redhat.com/~jvdias/laus/
errata RHBA-2005:752 generated.

Note You need to log in before you can comment on or make changes to this bug.