Bug 164833 - RFE: pam_laus PAM module requires a man-page
Summary: RFE: pam_laus PAM module requires a man-page
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: laus
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Steve Grubb
QA Contact: Jay Turner
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-08-01 18:05 UTC by Jason Vas Dias
Modified: 2015-01-08 00:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-02-15 15:16:23 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Jason Vas Dias 2005-08-01 18:05:11 UTC
Description of problem:

The pam_laus PAM module can be very confusing to use when there is no
documentation for the 'detach' pam_laus control flag.

If a process may invoke pam_open_session / pam_authenticate within the same
process, the 'detach' control flag must be given to the pam_laus module in
the control file, as in:
  'session optional pam_laus.so detach'
to allow _pam_audit_login to perform a laus_detach() on an already open
laus connection before the laus_attach(), which will fail if the process
has an open laus connection. 

Without the detach control flag, all laus messages for the process will be 
for the first user to set the PAM_USER item with pam_authenticate.

The only way to discover the detach flag up till now is to read the source code.

Comment 1 Jason Vas Dias 2005-08-01 18:52:44 UTC
Fixed with laus-0.1-72RHEL3+ 

Comment 2 Jason Vas Dias 2005-08-19 15:19:17 UTC
laus-0.1-72RHEL3 is now built, and available from:
    http://people.redhat.com/~jvdias/laus/
errata RHBA-2005:752 generated.


Note You need to log in before you can comment on or make changes to this bug.