From: Amon Ott <ao@rsbac.org>
Subject: Re: auth_may_set_cap
Date: Mon, 11 Sep 2000 10:14:31 +0200

(FD_raG, please use Subjects)

On Fre, 08 Sep 2000 #FD_raG wrote:
> HI :)
> What is "auth_may_set_cap" does it mean ???

A program/process with this flag may set process capabilities for other processes. It is meant for secure authentication:

- /bin/login process reads username and password
- /bin/login process asks a specially secured authentication daemon (with auth_may_set_cap) to check the password and set a setuid cap for it
- auth daemon sets a cap for /bin/login process
- /bin/login process calls setuid and starts the user shell

This was the original AUTH idea and led to its name.

Please note that the auth daemon can run under any uid, which should not be the secoff uid.

This auth scheme could easily be added with a PAM module and an auth daemon, which unfortunately have never been written.

Amon.
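
The four-step flow in the message above, modelled as a small Python simulation. This is an added example, not part of the original post and not RSBAC code: the `Monitor`, `AuthDaemon` and `login` names, the pids and uids, and the PBKDF2 password store are all assumptions made for illustration.

```python
# Toy model of the AUTH flow; added illustration, not RSBAC code, names hypothetical.
import hashlib
import hmac

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Monitor:  # stands in for the kernel-side AUTH decision
    def __init__(self):
        self.may_set_cap = set()  # pids flagged auth_may_set_cap
        self.caps = {}            # pid -> uids the pid may setuid to
        self.uid = {}             # pid -> current uid

    def spawn(self, pid, uid, may_set_cap=False):
        self.uid[pid], self.caps[pid] = uid, set()
        if may_set_cap:
            self.may_set_cap.add(pid)

    def set_cap(self, caller, target, uid):
        # Only a flagged process may set caps for other processes.
        if caller not in self.may_set_cap:
            raise PermissionError("caller lacks auth_may_set_cap")
        self.caps[target].add(uid)

    def setuid(self, pid, uid):
        # Refused unless a setuid cap for this uid was set first.
        if uid not in self.caps[pid]:
            raise PermissionError("no setuid cap for uid %d" % uid)
        self.uid[pid] = uid

class AuthDaemon:
    def __init__(self, monitor, pid, users):
        self.monitor, self.pid = monitor, pid
        self.users = users        # name -> (uid, salt, pbkdf2 hash)

    def check(self, login_pid, name, password):
        uid, salt, stored = self.users.get(name, (None, b"\0" * 16, b""))
        ok = hmac.compare_digest(stored, pw_hash(password, salt))
        if uid is None or not ok:
            return None
        self.monitor.set_cap(self.pid, login_pid, uid)  # cap only after success
        return uid

def login(monitor, daemon, pid, name, password):
    uid = daemon.check(pid, name, password)  # login never sees the hash
    if uid is None:
        return False
    monitor.setuid(pid, uid)  # allowed only because the daemon set the cap
    return True
```

In this model the login process holds no password data and cannot grant itself a cap; the only component that needs hardening around credentials is the daemon, which here runs under an ordinary, non-secoff uid.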