From: Amon Ott <ao@rsbac.org>
Subject: Re: auth_may_set_cap
Date: Mon, 11 Sep 2000 10:14:31 +0200
Next Article (by Author): REG documentation? Amon Ott
Previous Article (by Author): Re: Possible solution for SMP problems Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
(FD_raG, please use Subjects) On Fre, 08 Sep 2000 #FD_raG wrote: > HI :) > What is "auth_may_set_cap" does it mean ??? A program/process with this flag may set process capabilities for other processes. It is meant for secure authentification: - /bin/login process reads username and password - /bin/login process asks a specially secured authentication daemon (with auth_may_set_cap) to check the password and set a setuid cap for it - auth daemon sets a cap for /bin/login process - /bin/login process calls setuid and starts the user shell This was the original AUTH idea and led to its name. Please note that the auth daemon can run under any uid, which should not be the secoff uid. This auth scheme could easily be added with a pam module and an auth daemon, which unfortunately have never been written. Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Author): REG documentation? Amon Ott
Previous Article (by Author): Re: Possible solution for SMP problems Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]