Here's what I'm after; the question is, is there something
I can cannibalize to do this?
When a user logs in, I want to prompt them for the group
they intend to use. I can do all the logic of checking
to see they're in the group and so forth, what I can't figure
out is how to go about giving the prompt and getting the
response.
Do I want to add to the stack in pam.conf? That is, do I
want to simply add a line in a configuration file and
(I assume) supply the module to process that line?
That seems like the thing I'd most like to do. I want
to be able to run this on Solaris if necessary. If I
can write a module to process a line in pam.conf, then
it's trivial to add in the module and edit pam.conf, and
viola, I've got my extra requirement on any and all
machines I want.
I tried looking in several modules which I thought
would do something similar, but i just don't see
where the prompt is being sent, or the reply gotten.
Can you tell me where to look in an existing module
so I can see how it's done?
Or maybe I have the wrong idea altogether about PAM?
j.
--
Jay Scott 512-835-3553 g...@arlut.utexas.edu
Head of Sun Support, Sr. Operating Systems Specialist
Applied Research Labs, Computer Science Div. S224
University of Texas at Austin
[snip]
>
>When a user logs in, I want to prompt them for the group
>they intend to use. I can do all the logic of checking
>to see they're in the group and so forth, what I can't figure
>out is how to go about giving the prompt and getting the
>response.
[snip]
a tip from Bruce Hudson (thx) got me started.
what i found out was that, while you can call setgid() from
lots of places, the only one which i found would remember
that setgid() had been called was in the pam_sm_setcred()
routine. however, i couldn't get pam_setcred() to do the
prompting like i thought it should. pam_sm_authenticate()
would prompt, but setgid() wouldn't be remembered.
i also didn't know that the way to get values passed from
one routine to another was via pam_set_data(),
pam_get_data(). now it's easy: authenticate prompts
and calls pam_set_data(), setcred calls pam_get_data()
and calls setgid().
that, plus some relatively easy mods to pam.conf, and
i'm almost in business.
i notice that CDE's window for getting the group (my
addition, that is) contains the username, as though
that was the default group. seems like that ought
to be a matter of zeroing the response msg before
calling the prompt, but to me, it looks like it is
zeroed. perhaps i can simply supply new structs or
something.....